* [OE-core][scarthgap 00/25] Patch review
@ 2025-01-04 13:41 Steve Sakoman
0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2025-01-04 13:41 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, January 7
Passed a-full on autobuilder:
https://valkyrie.yoctoproject.org/#/builders/29/builds/737
The following changes since commit 01423828248b75e1f5afe2e5959ccd971df875cd:
rust: add reproducibility patch to eliminate host leakage (2024-12-19 05:36:59 -0800)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Changqing Li (1):
sanity.bbclass: skip check_userns for non-local uid
Divya Chellam (1):
libxml2: Upgrade 2.12.8 -> 2.12.9
Guðni Már Gilbert (2):
python3: upgrade 3.12.6 -> 3.12.7
python3: upgrade 3.12.7 -> 3.12.8
Mark Hatle (1):
populate_sdk_ext: write_local_conf add shutil import
Mikko Rapeli (1):
ovmf-native: remove .pyc files from install
Peter Marko (16):
gstreamer1.0-plugins-good: fix several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47538
gstreamer1.0-plugins-base: patch CVE-2024-47607
gstreamer1.0-plugins-base: patch CVE-2024-47615
gstreamer1.0-plugins-good: patch CVE-2024-47613
gstreamer1.0-plugins-good: patch several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47541
gstreamer1.0-plugins-base: patch CVE-2024-47542
gstreamer1.0-plugins-good: patch CVE-2024-47599
gstreamer1.0-plugins-base: patch CVE-2024-47600
gstreamer1.0-plugins-good: patch CVE-2024-47606
gstreamer1.0-plugins-good: patch CVE-2024-47606
gstreamer1.0-plugins-good: patch CVE-2024-47774
gstreamer1.0-plugins-good: patch several CVEs
gstreamer1.0-plugins-base: patch CVE-2024-47835
gstreamer1.0: ignore CVEs fixed in plugins recipes
Soumya Sambu (1):
python3-requests: upgrade 2.32.0 -> 2.32.3
Xiangyu Chen (1):
lttng-modules: fix sched_stat_runtime changed in Linux 6.6.66
aszh07 (1):
libarchive: Fix CVE-2024-20696
meta/classes-global/sanity.bbclass | 2 +
meta/classes-recipe/populate_sdk_ext.bbclass | 2 +
.../{libxml2_2.12.8.bb => libxml2_2.12.9.bb} | 2 +-
meta/recipes-core/ovmf/ovmf_git.bb | 1 +
...s_2.32.0.bb => python3-requests_2.32.3.bb} | 4 +-
...shebang-overflow-on-python-config.py.patch | 6 +-
...e-stdin-I-O-errors-same-way-as-maste.patch | 3 +-
...-use-prefix-value-from-build-configu.patch | 5 +-
...-qemu-wrapper-when-gathering-profile.patch | 6 +-
...sts-due-to-load-variability-on-YP-AB.patch | 16 +-
...est_sysconfig-for-posix_user-purelib.patch | 7 +-
...e-treat-overflow-in-UID-GID-as-failu.patch | 9 +-
...asename-to-replace-CC-for-checking-c.patch | 20 +-
..._fileno-test-due-to-load-variability.patch | 6 +-
...g.py-use-platlibdir-also-for-purelib.patch | 5 +-
...ctive_children-skip-problematic-test.patch | 9 +-
...pes.test_find-skip-without-tools-sdk.patch | 5 +-
...-test_deadlock-skip-problematic-test.patch | 9 +-
...le.py-correct-the-test-output-format.patch | 7 +-
...t_readline-skip-limited-history-test.patch | 14 +-
...-test_shutdown-skip-problematic-test.patch | 11 +-
...orlines-skip-due-to-load-variability.patch | 5 +-
...up.py-do-not-add-a-curses-include-pa.patch | 6 +-
.../python/python3/cgi_py.patch | 3 +-
.../python/python3/crosspythonpath.patch | 5 +-
.../python3/deterministic_imports.patch | 5 +-
.../python/python3/makerace.patch | 6 +-
.../{python3_3.12.6.bb => python3_3.12.8.bb} | 2 +-
.../libarchive/CVE-2024-20696.patch | 115 +++++
.../libarchive/libarchive_3.7.4.bb | 3 +-
...stat_runtime-changed-in-Linux-6.6.66.patch | 51 ++
.../lttng/lttng-modules_2.13.12.bb | 1 +
...at-most-64-channels-to-NONE-position.patch | 35 ++
...at-most-64-channels-to-NONE-position.patch | 41 ++
...ck-writes-to-GstOggStream.vorbis_mod.patch | 80 ++++
...w-and-fix-per-format-min_packet_size.patch | 168 +++++++
...for-closing-brace-after-opening-brac.patch | 38 ++
...se-strstr-on-strings-that-are-potent.patch | 99 ++++
...parsing-extended-header-if-not-enoug.patch | 64 +++
...-print-channel-layout-for-more-than-.patch | 38 ++
...or-NULL-return-of-strchr-when-parsin.patch | 39 ++
.../gstreamer1.0-plugins-base_1.22.12.bb | 9 +
...o-sized-boxes-instead-of-stopping-to.patch | 124 +++++
...ger-overflow-when-allocating-the-sam.patch | 63 +++
...Fix-debug-output-during-trun-parsing.patch | 72 +++
...erate-over-all-trun-entries-if-none-.patch | 35 ++
...zes-of-stsc-stco-stts-before-trying-.patch | 63 +++
...e-only-an-even-number-of-bytes-is-pr.patch | 44 ++
...e-enough-data-is-available-before-re.patch | 120 +++++
...th-checks-and-offsets-in-stsd-entry-.patch | 450 ++++++++++++++++++
...r-handling-when-parsing-cenc-sample-.patch | 56 +++
...e-there-are-enough-offsets-to-read-w.patch | 49 ++
...-handle-errors-returns-from-various-.patch | 97 ++++
...r-invalid-atom-length-when-extractin.patch | 36 ++
...size-check-for-parsing-SMI-SEQH-atom.patch | 37 ++
...ck-if-initializing-the-video-info-ac.patch | 53 +++
...ly-unmap-GstMapInfo-in-WavPack-heade.patch | 60 +++
...x-off-by-one-when-parsing-multi-chan.patch | 35 ++
...eck-for-big-enough-WavPack-codec-pri.patch | 43 ++
...n-t-take-data-out-of-an-empty-adapte.patch | 51 ++
...ip-over-laces-directly-when-postproc.patch | 52 ++
...ip-over-zero-sized-Xiph-stream-heade.patch | 43 ++
...t-a-copy-of-the-codec-data-into-the-.patch | 44 ++
...ly-error-out-on-negotiation-failures.patch | 99 ++++
...teger-overflow-when-parsing-Theora-e.patch | 44 ++
...size-checks-and-avoid-overflows-when.patch | 46 ++
...or-short-reads-when-parsing-headers-.patch | 174 +++++++
...re-enough-data-for-the-tag-list-tag-.patch | 41 ++
...7-wavparse-Fix-parsing-of-acid-chunk.patch | 65 +++
...hat-at-least-4-bytes-are-available-b.patch | 37 ++
...hat-at-least-32-bytes-are-available-.patch | 40 ++
...ix-clipping-of-size-to-the-file-size.patch | 47 ++
...Check-size-before-reading-ds64-chunk.patch | 41 ++
.../gstreamer1.0-plugins-good_1.22.12.bb | 34 +-
...integer-overflow-when-allocating-sys.patch | 56 +++
.../gstreamer/gstreamer1.0_1.22.12.bb | 14 +
76 files changed, 3226 insertions(+), 101 deletions(-)
rename meta/recipes-core/libxml/{libxml2_2.12.8.bb => libxml2_2.12.9.bb} (97%)
rename meta/recipes-devtools/python/{python3-requests_2.32.0.bb => python3-requests_2.32.3.bb} (78%)
rename meta/recipes-devtools/python/{python3_3.12.6.bb => python3_3.12.8.bb} (99%)
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2024-20696.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0004-vorbisdec-Set-at-most-64-channels-to-NONE-position.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0005-opusdec-Set-at-most-64-channels-to-NONE-position.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0006-vorbis_parse-check-writes-to-GstOggStream.vorbis_mod.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0007-oggstream-review-and-fix-per-format-min_packet_size.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0008-ssaparse-Search-for-closing-brace-after-opening-brac.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0009-ssaparse-Don-t-use-strstr-on-strings-that-are-potent.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-qtdemux-Skip-zero-sized-boxes-instead-of-stopping-to.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0002-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0003-qtdemux-Fix-debug-output-during-trun-parsing.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0004-qtdemux-Don-t-iterate-over-all-trun-entries-if-none-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0005-qtdemux-Check-sizes-of-stsc-stco-stts-before-trying-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0006-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0007-qtdemux-Make-sure-enough-data-is-available-before-re.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0008-qtdemux-Fix-length-checks-and-offsets-in-stsd-entry-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0009-qtdemux-Fix-error-handling-when-parsing-cenc-sample-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0010-qtdemux-Make-sure-there-are-enough-offsets-to-read-w.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0011-qtdemux-Actually-handle-errors-returns-from-various-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0012-qtdemux-Check-for-invalid-atom-length-when-extractin.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0013-qtdemux-Add-size-check-for-parsing-SMI-SEQH-atom.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0014-gdkpixbufdec-Check-if-initializing-the-video-info-ac.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0015-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0016-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0017-matroskademux-Check-for-big-enough-WavPack-codec-pri.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0018-matroskademux-Don-t-take-data-out-of-an-empty-adapte.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0019-matroskademux-Skip-over-laces-directly-when-postproc.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0020-matroskademux-Skip-over-zero-sized-Xiph-stream-heade.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0021-matroskademux-Put-a-copy-of-the-codec-data-into-the-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0022-jpegdec-Directly-error-out-on-negotiation-failures.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0023-qtdemux-Avoid-integer-overflow-when-parsing-Theora-e.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0024-avisubtitle-Fix-size-checks-and-avoid-overflows-when.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0025-wavparse-Check-for-short-reads-when-parsing-headers-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0026-wavparse-Make-sure-enough-data-for-the-tag-list-tag-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0027-wavparse-Fix-parsing-of-acid-chunk.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0028-wavparse-Check-that-at-least-4-bytes-are-available-b.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0031-wavparse-Check-size-before-reading-ds64-chunk.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0/0005-allocator-Avoid-integer-overflow-when-allocating-sys.patch
--
2.43.0
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 00/25] Patch review
@ 2026-02-09 9:28 Yoann Congal
0 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-02-09 9:28 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Wednesday, February 11.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3183
The following changes since commit d50e4680ed6f930582d907b37c9ed545a89f5c27:
build-appliance-image: Update to scarthgap head revision (2026-01-26 09:50:47 +0000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
Adarsh Jagadish Kamini (1):
python-urllib3: Backport fix for CVE-2026-21441
Amaury Couderc (1):
curl: patch CVE-2025-14524
Ankur Tyagi (2):
ffmpeg: upgrade 6.1.3 -> 6.1.4
ffmpeg: ignore CVE-2025-25469
Benjamin Robin (Schneider Electric) (1):
meta/classes: fix missing vardeps for CVE status variables
Daniel Turull (1):
improve_kernel_cve_report: add script for postprocesing of kernel CVE
data
Fred Bacon (1):
lighttpd: Fix trailing slash on files in mod_dirlisting
Hitendra Prajapati (1):
curl: fix CVE-2025-10148
Hugo SIMELIERE (1):
libtasn1: Fix CVE-2025-13151
Ken Kurematsu (1):
libtheora: set CVE_PRODUCT
Khai Dang (1):
docbook-xml-dtd4: fix the fetching failure
Peter Marko (12):
expat: patch CVE-2026-24515
expat: patch CVE-2026-25210
glib-2.0: patch CVE-2026-0988
libpng: patch CVE-2026-22695
libpng: patch CVE-2026-22801
libxml2: patch CVE-2026-0989
libxml2: patch CVE-2026-0990
libxml2: patch CVE-2026-0992
libxml2: add follow-up patch for CVE-2026-0992
python3: patch CVE-2025-13837
zlib: ignore CVE-2026-22184
glibc: stable 2.39 branch updates
Richard Purdie (1):
pseudo: Update to 1.9.3 release
Vijay Anusuri (1):
inetutils: Fix CVE-2026-24061
meta/classes/create-spdx-2.2.bbclass | 1 +
meta/classes/create-spdx-3.0.bbclass | 2 +
meta/classes/cve-check.bbclass | 1 +
meta/classes/vex.bbclass | 1 +
.../inetutils/CVE-2026-24061-1.patch | 41 ++
.../inetutils/CVE-2026-24061-2.patch | 85 ++++
.../inetutils/inetutils_2.5.bb | 2 +
.../expat/expat/CVE-2026-24515-01.patch | 43 ++
.../expat/expat/CVE-2026-24515-02.patch | 117 +++++
.../expat/expat/CVE-2026-25210-01.patch | 27 +
.../expat/expat/CVE-2026-25210-02.patch | 38 ++
.../expat/expat/CVE-2026-25210-03.patch | 28 ++
meta/recipes-core/expat/expat_2.6.4.bb | 5 +
.../glib-2.0/glib-2.0/CVE-2026-0988.patch | 58 +++
meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 1 +
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc_2.39.bb | 2 +-
.../libxml/libxml2/CVE-2026-0989.patch | 309 ++++++++++++
.../libxml/libxml2/CVE-2026-0990.patch | 76 +++
.../libxml/libxml2/CVE-2026-0992-01.patch | 49 ++
.../libxml/libxml2/CVE-2026-0992-02.patch | 323 ++++++++++++
.../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++
meta/recipes-core/libxml/libxml2_2.12.10.bb | 5 +
meta/recipes-core/zlib/zlib_1.3.1.bb | 1 +
.../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +-
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python3-urllib3/CVE-2026-21441.patch | 105 ++++
.../python/python3-urllib3_2.2.2.bb | 1 +
.../python/python3/CVE-2025-13837.patch | 162 ++++++
.../python/python3_3.12.12.bb | 1 +
.../lighttpd/0001-mod_dirlisting.patch | 48 ++
.../lighttpd/lighttpd_1.4.74.bb | 1 +
.../ffmpeg/ffmpeg/CVE-2024-35365.patch | 62 ---
.../ffmpeg/ffmpeg/CVE-2024-36618.patch | 36 --
.../ffmpeg/ffmpeg/CVE-2025-1594.patch | 105 ----
.../{ffmpeg_6.1.3.bb => ffmpeg_6.1.4.bb} | 7 +-
.../libpng/files/CVE-2026-22695.patch | 77 +++
.../libpng/files/CVE-2026-22801.patch | 173 +++++++
.../libpng/libpng_1.6.42.bb | 2 +
.../libtheora/libtheora_1.1.1.bb | 2 +
.../curl/curl/CVE-2025-10148.patch | 57 +++
.../curl/curl/CVE-2025-14524.patch | 44 ++
meta/recipes-support/curl/curl_8.7.1.bb | 2 +
.../gnutls/libtasn1/CVE-2025-13151.patch | 30 ++
.../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 +
scripts/contrib/improve_kernel_cve_report.py | 467 ++++++++++++++++++
46 files changed, 2431 insertions(+), 216 deletions(-)
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-1.patch
create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-2.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-24515-02.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-01.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-02.patch
create mode 100644 meta/recipes-core/expat/expat/CVE-2026-25210-03.patch
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-0988.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch
create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch
create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13837.patch
create mode 100644 meta/recipes-extended/lighttpd/lighttpd/0001-mod_dirlisting.patch
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-35365.patch
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2024-36618.patch
delete mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-1594.patch
rename meta/recipes-multimedia/ffmpeg/{ffmpeg_6.1.3.bb => ffmpeg_6.1.4.bb} (98%)
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22695.patch
create mode 100644 meta/recipes-multimedia/libpng/files/CVE-2026-22801.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-10148.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14524.patch
create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch
create mode 100755 scripts/contrib/improve_kernel_cve_report.py
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 00/25] Patch review
@ 2026-06-05 22:33 Yoann Congal
0 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-06-05 22:33 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Tuesday, June 9.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/3933
The following changes since commit ece80784b493c8b7493478fa2ba0dc1d6d80aa79:
build-appliance-image: Update to scarthgap head revisions (2026-05-15 13:25:33 +0100)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-review
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-review
for you to fetch changes up to e2864ea1ac022e43af92badc701fa1e2a9571f46:
pseudo: Upgrade 1.9.6 -> 1.9.7 (2026-06-05 11:02:52 +0200)
----------------------------------------------------------------
Ankur Tyagi (1):
tzdata/tzcode-native: upgrade 2026a -> 2026b
Benjamin Robin (Schneider Electric) (1):
lz4: Remove a reference to the rejected CVE-2025-62813
Changqing Li (1):
go.bbclass: change GOTMPDIR to improve reproducibility
Guðni Már Gilbert (1):
gnupg: upgrade 2.4.8 -> 2.4.9
Hitendra Prajapati (3):
libssh2: fix for CVE-2026-7598
libexif: fix for CVE-2026-32775
libexif: fix for CVE-2026-40385, CVE-2026-40386
Hugo SIMELIERE (Schneider Electric) (1):
libarchive: Fix CVE-2026-4424
Martin Jansa (1):
systemd: update musl specific patch to apply
Mathieu Dubois-Briand (1):
oeqa: runtime: go: Increase test_go_compile/test_go_module timeout
Peter Bergin (1):
go.bbclass: disable workspaces
Peter Marko (1):
cargo: set CVE_PRODUCT
Richard Purdie (4):
pseudo: Upgrade to 1.9.4
pseudo: Upgrade to 1.9.5
pseudo: Update 1.9.5 -> 1.9.6
pseudo: Upgrade 1.9.6 -> 1.9.7
Ross Burton (3):
python3-requests: backport fix for CVE-2026-25645
perl: link to the system zlib instead of a vendored copy
classes/base: prefer gnu-prefixed HOSTTOOLS
Theo Gaige (Schneider Electric) (3):
openssh: patch CVE-2026-35385
openssh: patch CVE-2026-35387
openssh: patch CVE-2026-35388
Trevor Woerner (1):
wic: filemap: use separate fd for SEEK_HOLE probes
Yoann Congal (2):
scripts/install-buildtools: Update to 5.0.18
linux-yocto/6.6: update CVE exclusions (6.6.127)
meta/classes-global/base.bbclass | 6 +-
meta/classes-recipe/go.bbclass | 3 +-
meta/lib/oeqa/runtime/cases/go.py | 4 +-
.../openssh/openssh/CVE-2026-35385.patch | 47 +
.../openssh/openssh/CVE-2026-35387.patch | 205 ++
.../openssh/openssh/CVE-2026-35388.patch | 47 +
.../openssh/openssh_9.6p1.bb | 3 +
...missing.h-check-for-missing-strndupa.patch | 4 +-
meta/recipes-devtools/perl/perl_5.38.4.bb | 5 +
meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
.../python3-requests/CVE-2026-25645.patch | 46 +
.../python/python3-requests_2.32.4.bb | 7 +-
meta/recipes-devtools/rust/cargo_1.75.0.bb | 2 +
.../libarchive/CVE-2026-4424-1.patch | 61 +
.../libarchive/CVE-2026-4424-2.patch | 28 +
.../libarchive/libarchive_3.7.9.bb | 2 +
meta/recipes-extended/timezone/timezone.inc | 6 +-
.../linux/cve-exclusion_6.6.inc | 2462 +++++++++++++++--
...erride-init-is-not-needed-with-gcc-9.patch | 7 +-
...-a-custom-value-for-the-location-of-.patch | 5 +-
...use-pkgconfig-instead-of-npth-config.patch | 3 +-
...h-fix-find-version-for-beta-checking.patch | 3 +-
.../gnupg/gnupg/CVE-2025-68973.patch | 108 -
.../gnupg/gnupg/CVE-2026-24882-0001.patch | 7 +-
.../gnupg/gnupg/CVE-2026-24882-0002.patch | 7 +-
.../gnupg/gnupg/relocate.patch | 19 +-
.../gnupg/{gnupg_2.4.8.bb => gnupg_2.4.9.bb} | 3 +-
.../libexif/libexif/CVE-2026-32775.patch | 86 +
.../libexif/libexif/CVE-2026-40385.patch | 35 +
.../libexif/libexif/CVE-2026-40386.patch | 46 +
.../recipes-support/libexif/libexif_0.6.24.bb | 3 +
.../libssh2/libssh2/CVE-2026-7598.patch | 60 +
.../recipes-support/libssh2/libssh2_1.11.1.bb | 1 +
...13.patch => fix-null-error-handling.patch} | 1 -
meta/recipes-support/lz4/lz4_1.9.4.bb | 4 +-
scripts/install-buildtools | 4 +-
scripts/lib/wic/filemap.py | 13 +-
37 files changed, 2938 insertions(+), 419 deletions(-)
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35385.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch
create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch
create mode 100644 meta/recipes-devtools/python/python3-requests/CVE-2026-25645.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-1.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2026-4424-2.patch
delete mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch
rename meta/recipes-support/gnupg/{gnupg_2.4.8.bb => gnupg_2.4.9.bb} (96%)
create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-32775.patch
create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-40385.patch
create mode 100644 meta/recipes-support/libexif/libexif/CVE-2026-40386.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-7598.patch
rename meta/recipes-support/lz4/files/{CVE-2025-62813.patch => fix-null-error-handling.patch} (99%)
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 00/25] Patch review
@ 2026-07-09 10:06 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Yoann Congal
` (24 more replies)
0 siblings, 25 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Friday, July 10. This is a bit shorter period than usual,
ping me if you need more time (I've spent some time to understand the
below AB error).
*Somewhat* passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4178
3 sub builds failed:
* oe-selftest-armhost#4305
* oe-selftest-debian#4250
* oe-selftest-fedora#4075
Sadly, I did not got successful retries. I think this is related to:
15289 – [scarthgap] AB-INT: sstatetests.SStatePrintdiff.test_gcc_runtime_vs_gcc_source failure
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15289
I'm still trying to understand what is happening but now I think this
issue is *NOT* related to this series. The main issue for this series is
that it prevented to fully run the oe-selftests. I plan to get a
green-ish build before doing the pull-request.
The following changes since commit 2814f0962f56c8d1afa4de76d2895ba9b5cb767d:
build-appliance-image: Update to scarthgap head revisions (2026-07-02 13:50:35 +0100)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-nut
for you to fetch changes up to 728706a9dc79a8c70429b805fc40429bcd8e09fc:
cve-update: Avoid NFS caching issues (2026-07-08 16:32:46 +0200)
----------------------------------------------------------------
Adarsh Jagadish Kamini (1):
curl: fix CVE-2026-6276
Anil Dongare (2):
cargo: Fix CVE-2026-5222
cargo: Fix CVE-2026-5223
Ashishkumar Parmar (3):
qemu: Fix CVE-2025-14876
qemu: Fix CVE-2026-0665
qemu: Fix CVE-2026-2243
Benjamin Robin (Schneider Electric) (1):
openssh: CVE-2026-35387 patch also fixes CVE-2026-35414
Daniel Turull (2):
libssh2: fix CVE-2026-55200
libssh2: fix CVE-2026-55199
Esa Jaaskela (1):
linux-yocto/6.6: update CVE exclusions (6.6.142)
Harish Sadineni (1):
binutils: Add CVE-2025-69646 to "CVE:" tag
Himanshu Jadon (1):
tar: Fix CVE-2026-5704
Hitendra Prajapati (4):
vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177
vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656
vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130
vim: Security fix for CVE-2026-28420 & CVE-2026-46483
Jaipaul Cheernam (1):
curl: fix CVE-2026-5773 - wrong reuse of SMB connection
Jakub Szczudlo (1):
libgcrypt: upgrade 1.10.3 -> 1.10.4
Nate Kent (1):
sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers
Paul Barker (1):
cve-update: Avoid NFS caching issues
Shubham Pushpkar (1):
binutils: Fix CVE-2026-6846
Theo Gaige (Schneider Electric) (4):
dhcpcd: patch CVE-2026-56113
dhcpcd: patch CVE-2026-56114
dhcpcd: patch CVE-2026-56117
perl: patch CVE-2026-8376
.../dhcpcd/dhcpcd_10.0.6.bb | 3 +
.../dhcpcd/files/CVE-2026-56113.patch | 92 +
.../dhcpcd/files/CVE-2026-56114.patch | 34 +
.../dhcpcd/files/CVE-2026-56117.patch | 167 +
...ch => CVE-2026-35414-CVE-2026-35387.patch} | 2 +-
.../openssh/openssh_9.6p1.bb | 2 +-
.../meta/cve-update-nvd2-native.bb | 9 +-
.../binutils/binutils-2.42.inc | 1 +
.../binutils/binutils/CVE-2025-69648.patch | 2 +-
.../binutils/binutils/CVE-2026-6846.patch | 57 +
.../perl/files/CVE-2026-8376-01.patch | 62 +
.../perl/files/CVE-2026-8376-02.patch | 49 +
meta/recipes-devtools/perl/perl_5.38.4.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 4 +
.../qemu/qemu/CVE-2025-14876_p1.patch | 52 +
.../qemu/qemu/CVE-2025-14876_p2.patch | 56 +
.../qemu/qemu/CVE-2026-0665.patch | 38 +
.../qemu/qemu/CVE-2026-2243.patch | 45 +
.../rust/files/CVE-2026-5222.patch | 92 +
.../rust/files/CVE-2026-5223.patch | 114 +
meta/recipes-devtools/rust/rust-source.inc | 2 +
meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
.../tar/tar/CVE-2026-5704-dependent_p1.patch | 484 +++
.../tar/tar/CVE-2026-5704-dependent_p2.patch | 169 +
.../tar/tar/CVE-2026-5704-regression.patch | 176 +
.../tar/tar/CVE-2026-5704.patch | 556 +++
meta/recipes-extended/tar/tar_1.35.bb | 4 +
.../linux/cve-exclusion_6.6.inc | 3418 +++++++++++++----
.../curl/curl/CVE-2026-5773.patch | 40 +
.../curl/curl/CVE-2026-6276.patch | 135 +
meta/recipes-support/curl/curl_8.7.1.bb | 2 +
...ilding-error-with-O2-in-sysroot-path.patch | 64 -
...r-handle-substitution-in-sed-command.patch | 49 +
...ibgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} | 4 +-
.../libssh2/libssh2/CVE-2026-55199.patch | 44 +
.../libssh2/libssh2/CVE-2026-55200.patch | 36 +
.../recipes-support/libssh2/libssh2_1.11.1.bb | 2 +
.../vim/files/CVE-2026-28417.patch | 92 +
.../vim/files/CVE-2026-28420.patch | 162 +
.../vim/files/CVE-2026-28421.patch | 148 +
.../vim/files/CVE-2026-32249.patch | 117 +
.../vim/files/CVE-2026-34714.patch | 109 +
.../vim/files/CVE-2026-34982.patch | 105 +
.../vim/files/CVE-2026-35177.patch | 60 +
.../vim/files/CVE-2026-41411.patch | 75 +
.../vim/files/CVE-2026-44656.patch | 130 +
.../vim/files/CVE-2026-45130.patch | 115 +
.../vim/files/CVE-2026-46483.patch | 77 +
meta/recipes-support/vim/vim.inc | 11 +
49 files changed, 6449 insertions(+), 822 deletions(-)
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
rename meta/recipes-connectivity/openssh/openssh/{CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} (99%)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5222.patch
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5223.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-5773.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-6276.patch
delete mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch
rename meta/recipes-support/libgcrypt/{libgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} (92%)
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28417.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28420.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28421.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-32249.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-34714.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-34982.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-35177.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-41411.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-44656.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-45130.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-46483.patch
^ permalink raw reply [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199 Yoann Congal
` (23 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Daniel Turull <daniel.turull@ericsson.com>
Backport patch to fix CVE-2026-55200.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
Upstream fix:
https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8
Tested with ptest:
Before: PASSED: 3, FAILED: 0, SKIPPED: 0
After: PASSED: 3, FAILED: 0, SKIPPED: 0
Reviewed-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 42c8c6ec3066dc47b9eeeba0247ffa927193abff)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libssh2/libssh2/CVE-2026-55200.patch | 36 +++++++++++++++++++
.../recipes-support/libssh2/libssh2_1.11.1.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch b/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
new file mode 100644
index 00000000000..9a71277cce4
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch
@@ -0,0 +1,36 @@
+From df0b03ee5ef12f3a46fccc0fc688ebfb91702972 Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Fri, 12 Jun 2026 15:57:44 -0700
+Subject: [PATCH] transport.c: Additional boundary checks for packet length
+ (#2052)
+
+Add additional bounds checking on packet length to prevent OOB write.
+
+Credit: [TristanInSec](https://github.com/TristanInSec)
+
+CVE: CVE-2026-55200
+Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8]
+
+Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
+---
+ src/transport.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index e1120656..d147505b 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -639,8 +639,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+ total_num = 4;
+
+ p->packet_length = _libssh2_ntohu32(block);
+- if(p->packet_length < 1)
++ if(p->packet_length < 1) {
+ return LIBSSH2_ERROR_DECRYPT;
++ }
++ else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) {
++ return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
++ }
+
+ /* total_num may include size field, however due to existing
+ * logic it needs to be removed after the entire packet is read
diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
index 2284d054b10..d6ee97f7ed0 100644
--- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://run-ptest \
file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \
file://CVE-2026-7598.patch \
+ file://CVE-2026-55200.patch \
"
SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704 Yoann Congal
` (22 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Daniel Turull <daniel.turull@ericsson.com>
Backport patch to fix CVE-2026-55199.
https://nvd.nist.gov/vuln/detail/CVE-2026-55199
Upstream fix:
https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4
Tested with ptest:
Before: PASSED: 3, FAILED: 0, SKIPPED: 0
After: PASSED: 3, FAILED: 0, SKIPPED: 0
Reviewed-by: Anders Heimer <anders.heimer@est.tech>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
(cherry picked from commit 5b52af4a02849c1ce74491056a2d13e4e3b6ad2d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libssh2/libssh2/CVE-2026-55199.patch | 44 +++++++++++++++++++
.../recipes-support/libssh2/libssh2_1.11.1.bb | 1 +
2 files changed, 45 insertions(+)
create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch b/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
new file mode 100644
index 00000000000..81815486ada
--- /dev/null
+++ b/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch
@@ -0,0 +1,44 @@
+From b5cb1c1781ba5f275485f65855d61faaba6542b2 Mon Sep 17 00:00:00 2001
+From: TristanInSec <tristan.mtn@gmail.com>
+Date: Wed, 15 Apr 2026 14:51:08 -0400
+Subject: [PATCH] packet: check `_libssh2_get_string()` return in `EXT_INFO`
+ handler
+
+The `SSH_MSG_EXT_INFO` handler discards the return values from
+`_libssh2_get_string()` when parsing extension name/value pairs. When
+the buffer is exhausted before all claimed extensions are parsed,
+the loop continues with no-op iterations until `nr_extensions` reaches
+zero.
+
+The `nr_extensions >= 1024` cap limits the worst case, but the loop
+should still break on parse failure for correctness and consistency
+with other parsers in this file (e.g. `SSH_MSG_CHANNEL_OPEN`,
+`SSH_MSG_KEXINIT`) that check `_libssh2_get_string()` return values.
+
+Closes #1864
+
+CVE: CVE-2026-55199
+Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4]
+
+Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
+---
+ src/packet.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index 6da14e9f..ebaddae5 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -868,8 +868,10 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+
+ nr_extensions -= 1;
+
+- _libssh2_get_string(&buf, &name, &name_len);
+- _libssh2_get_string(&buf, &value, &value_len);
++ if(_libssh2_get_string(&buf, &name, &name_len))
++ break;
++ if(_libssh2_get_string(&buf, &value, &value_len))
++ break;
+
+ if(name && value) {
+ _libssh2_debug((session,
diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
index d6ee97f7ed0..960ff71df2f 100644
--- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \
file://CVE-2026-7598.patch \
file://CVE-2026-55200.patch \
+ file://CVE-2026-55199.patch \
"
SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Yoann Congal
` (21 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Himanshu Jadon <hjadon@cisco.com>
Backport the upstream 3-commit fix chain for CVE-2026-5704.
The final CVE fix is [1], which depends on the earlier cleanup in [2]
and the behavioral change in [3]. Keep this patch order so the final
fix applies cleanly and preserves the upstream logic.
Also include upstream follow-up [4] to fix the --no-overwrite-dir ptest
regression caused by the CVE backport. Without this follow-up, tar can
temporarily chmod an existing directory even when --no-overwrite-dir is
used, which breaks the upstream --no-overwrite-dir ptest.
[1] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3
[2] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=112ead79312ea308e58414b74623f101b8c06f0b
[3] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b009124ffde415515081db844d7a104e1d1c6c58
[4] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=4e742fc8674064a9fa00d4483d06aca48d5b0463
[5] https://security-tracker.debian.org/tracker/CVE-2026-5704
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 872d86b99ad3e77a105b386331a41f7fa40c2b72)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../tar/tar/CVE-2026-5704-dependent_p1.patch | 484 +++++++++++++++
.../tar/tar/CVE-2026-5704-dependent_p2.patch | 169 ++++++
.../tar/tar/CVE-2026-5704-regression.patch | 176 ++++++
.../tar/tar/CVE-2026-5704.patch | 556 ++++++++++++++++++
meta/recipes-extended/tar/tar_1.35.bb | 4 +
5 files changed, 1389 insertions(+)
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704.patch
diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
new file mode 100644
index 00000000000..b7180e16719
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch
@@ -0,0 +1,484 @@
+From cb6d041ba711620b52637ebd2f9cb0c445a91e4f Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 1 Nov 2024 14:15:09 -0700
+Subject: [PATCH] Prefer other types to int in extract.c
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/extract.c (fd_chmod, extract_chdir, open_output_file)
+(extract_file, extract_link, extract_symlink, extract_node)
+(extract_fifo, tar_extractor_t, pepare_to_extract): Prefer char to
+int for typeflag, since it’s a char. All uses changed.
+(fd_chmod): Use clearer code for errno.
+(extract_dir, extract_file, create_placeholder_file, extract_link)
+(extract_symlink, extract_node, extract_fifo, tar_extractor_t):
+Return bool true for success, false for failure. All uses changed.
+(open_output_file): Prefer bool for boolean.
+(prepare_to_extract): Simplify by returning the extractor a null
+pointer, rather than storing through a pointer to an extractor.
+
+CVE: CVE-2026-5704
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=112ead79312ea308e58414b74623f101b8c06f0b]
+
+Backport Changes:
+- In src/extract.c, the extractor-selection and extraction-control-flow
+ hunk was adapted to the older tar-1.35 code layout around
+ prepare_to_extract() and extract_archive(). The backport preserves the
+ upstream logic but does not apply as an exact textual match in that
+ section.
+
+(cherry picked from commit 112ead79312ea308e58414b74623f101b8c06f0b)
+Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
+---
+ src/extract.c | 141 ++++++++++++++++++++++++--------------------------
+ 1 file changed, 69 insertions(+), 72 deletions(-)
+
+diff --git a/src/extract.c b/src/extract.c
+index 314d8bc0..b384fed3 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -254,9 +254,9 @@ fd_i_chmod (int fd, char const *file, mode_t mode, int atflag)
+ notation.
+ */
+ static int
+-fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag)
++fd_chmod (int fd, char const *file_name, int mode, int atflag, char typeflag)
+ {
+- int chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) == 0 ? 0 : errno;
++ int chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) < 0 ? errno : 0;
+
+ /* On Solaris, chmod may fail if we don't have PRIV_ALL, because
+ setuid-root files would otherwise be a backdoor. See
+@@ -265,7 +265,7 @@ fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag)
+ if (chmod_errno == EPERM && (mode & S_ISUID)
+ && priv_set_restore_linkdir () == 0)
+ {
+- chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) == 0 ? 0 : errno;
++ chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) < 0 ? errno : 0;
+ priv_set_remove_linkdir ();
+ }
+
+@@ -275,7 +275,7 @@ fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag)
+ supported and if the file is not a symlink. This
+ introduces a race, alas. */
+ if (atflag && typeflag != SYMTYPE && ! implemented (chmod_errno))
+- chmod_errno = fd_i_chmod (fd, file_name, mode, 0) == 0 ? 0 : errno;
++ chmod_errno = fd_i_chmod (fd, file_name, mode, 0) < 0 ? errno : 0;
+
+ if (chmod_errno && (typeflag != SYMTYPE || implemented (chmod_errno)))
+ {
+@@ -1036,8 +1036,8 @@ safe_dir_mode (struct stat const *st)
+
+ /* Extractor functions for various member types */
+
+-static int
+-extract_dir (char *file_name, int typeflag)
++static bool
++extract_dir (char *file_name, char typeflag)
+ {
+ int status;
+ mode_t mode;
+@@ -1089,7 +1089,7 @@ extract_dir (char *file_name, int typeflag)
+
+ if (keep_directory_symlink_option
+ && is_directory_link (file_name, &st))
+- return 0;
++ return true;
+
+ if ((st.st_mode != 0 && fstatat_flags == 0)
+ || deref_stat (file_name, &st) == 0)
+@@ -1102,7 +1102,7 @@ extract_dir (char *file_name, int typeflag)
+ if (interdir_made)
+ {
+ repair_delayed_set_stat (file_name, &st);
+- return 0;
++ return true;
+ }
+ else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES)
+ {
+@@ -1154,7 +1154,7 @@ extract_dir (char *file_name, int typeflag)
+ if (errno != EEXIST)
+ {
+ mkdir_error (file_name);
+- return 1;
++ return false;
+ }
+ break;
+ }
+@@ -1167,13 +1167,13 @@ extract_dir (char *file_name, int typeflag)
+ delay_set_stat (file_name, ¤t_stat_info,
+ current_mode, current_mode_mask,
+ current_stat_info.stat.st_mode, atflag);
+- return status;
++ return status == 0;
+ }
+
+
+
+ static int
+-open_output_file (char const *file_name, int typeflag, mode_t mode,
++open_output_file (char const *file_name, char typeflag, mode_t mode,
+ int file_created, mode_t *current_mode,
+ mode_t *current_mode_mask)
+ {
+@@ -1189,11 +1189,11 @@ open_output_file (char const *file_name, int typeflag, mode_t mode,
+
+ if (typeflag == CONTTYPE)
+ {
+- static int conttype_diagnosed;
++ static bool conttype_diagnosed;
+
+ if (!conttype_diagnosed)
+ {
+- conttype_diagnosed = 1;
++ conttype_diagnosed = true;
+ WARNOPT (WARN_CONTIGUOUS_CAST,
+ (0, 0, _("Extracting contiguous files as regular files")));
+ }
+@@ -1245,8 +1245,8 @@ open_output_file (char const *file_name, int typeflag, mode_t mode,
+ return fd;
+ }
+
+-static int
+-extract_file (char *file_name, int typeflag)
++static bool
++extract_file (char *file_name, char typeflag)
+ {
+ int fd;
+ off_t size;
+@@ -1268,7 +1268,7 @@ extract_file (char *file_name, int typeflag)
+ if (fd < 0)
+ {
+ skip_member ();
+- return 0;
++ return true;
+ }
+ }
+ else
+@@ -1291,9 +1291,9 @@ extract_file (char *file_name, int typeflag)
+ {
+ skip_member ();
+ if (recover == RECOVER_SKIP)
+- return 0;
++ return true;
+ open_error (file_name);
+- return 1;
++ return false;
+ }
+ }
+ }
+@@ -1344,7 +1344,7 @@ extract_file (char *file_name, int typeflag)
+ it doesn't exist, or we don't want to touch it anyway. */
+
+ if (to_stdout_option)
+- return 0;
++ return true;
+
+ if (! to_command_option)
+ set_stat (file_name, ¤t_stat_info, fd,
+@@ -1359,7 +1359,7 @@ extract_file (char *file_name, int typeflag)
+ if (to_command_option)
+ sys_wait_command ();
+
+- return status;
++ return status == 0;
+ }
+
+ /* Return true if NAME is a delayed link. This can happen only if the link
+@@ -1399,7 +1399,7 @@ find_delayed_link_source (char const *name)
+ process.
+ */
+
+-static int
++static bool
+ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made)
+ {
+ int fd;
+@@ -1413,7 +1413,7 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made)
+ that the link being extracted is a duplicate of an already
+ processed one. Skip it.
+ */
+- return 0;
++ return true;
+ }
+
+ switch (maybe_recoverable (file_name, false, interdir_made))
+@@ -1422,11 +1422,11 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made)
+ continue;
+
+ case RECOVER_SKIP:
+- return 0;
++ return true;
+
+ case RECOVER_NO:
+ open_error (file_name);
+- return -1;
++ return false;
+ }
+ }
+
+@@ -1484,14 +1484,14 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made)
+ if ((h = find_direct_ancestor (file_name)) != NULL)
+ mark_after_links (h);
+
+- return 0;
++ return true;
+ }
+
+- return -1;
++ return false;
+ }
+
+-static int
+-extract_link (char *file_name, MAYBE_UNUSED int typeflag)
++static bool
++extract_link (char *file_name, MAYBE_UNUSED char typeflag)
+ {
+ bool interdir_made = false;
+ char const *link_name;
+@@ -1531,7 +1531,7 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag)
+ }
+ }
+
+- return 0;
++ return true;
+ }
+ else if ((e == EEXIST && strcmp (link_name, file_name) == 0)
+ || ((fstatat (chdir_fd, link_name, &st1, AT_SYMLINK_NOFOLLOW)
+@@ -1540,7 +1540,7 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag)
+ == 0)
+ && st1.st_dev == st2.st_dev
+ && st1.st_ino == st2.st_ino))
+- return 0;
++ return true;
+
+ errno = e;
+ }
+@@ -1548,17 +1548,17 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag)
+ == RECOVER_OK);
+
+ if (rc == RECOVER_SKIP)
+- return 0;
++ return true;
+ if (!(incremental_option && errno == EEXIST))
+ {
+ link_error (link_name, file_name);
+- return 1;
++ return false;
+ }
+- return 0;
++ return true;
+ }
+
+-static int
+-extract_symlink (char *file_name, MAYBE_UNUSED int typeflag)
++static bool
++extract_symlink (char *file_name, MAYBE_UNUSED char typeflag)
+ {
+ #ifdef HAVE_SYMLINK
+ bool interdir_made = false;
+@@ -1575,16 +1575,16 @@ extract_symlink (char *file_name, MAYBE_UNUSED int typeflag)
+ continue;
+
+ case RECOVER_SKIP:
+- return 0;
++ return true;
+
+ case RECOVER_NO:
+ symlink_error (current_stat_info.link_name, file_name);
+- return -1;
++ return false;
+ }
+
+ set_stat (file_name, ¤t_stat_info, -1, 0, 0,
+ SYMTYPE, false, AT_SYMLINK_NOFOLLOW);
+- return 0;
++ return true;
+
+ #else
+ static int warned_once;
+@@ -1601,8 +1601,8 @@ extract_symlink (char *file_name, MAYBE_UNUSED int typeflag)
+ }
+
+ #if S_IFCHR || S_IFBLK
+-static int
+-extract_node (char *file_name, int typeflag)
++static bool
++extract_node (char *file_name, char typeflag)
+ {
+ bool interdir_made = false;
+ mode_t mode = (current_stat_info.stat.st_mode & (MODE_RWX | S_IFBLK | S_IFCHR)
+@@ -1616,23 +1616,23 @@ extract_node (char *file_name, int typeflag)
+ continue;
+
+ case RECOVER_SKIP:
+- return 0;
++ return true;
+
+ case RECOVER_NO:
+ mknod_error (file_name);
+- return -1;
++ return false;
+ }
+
+ set_stat (file_name, ¤t_stat_info, -1,
+ mode & ~ current_umask, MODE_RWX,
+ typeflag, false, AT_SYMLINK_NOFOLLOW);
+- return 0;
++ return true;
+ }
+ #endif
+
+ #if HAVE_MKFIFO || defined mkfifo
+-static int
+-extract_fifo (char *file_name, int typeflag)
++static bool
++extract_fifo (char *file_name, char typeflag)
+ {
+ bool interdir_made = false;
+ mode_t mode = (current_stat_info.stat.st_mode & MODE_RWX
+@@ -1645,31 +1645,31 @@ extract_fifo (char *file_name, int typeflag)
+ continue;
+
+ case RECOVER_SKIP:
+- return 0;
++ return true;
+
+ case RECOVER_NO:
+ mkfifo_error (file_name);
+- return -1;
++ return false;
+ }
+
+ set_stat (file_name, ¤t_stat_info, -1,
+ mode & ~ current_umask, MODE_RWX,
+ typeflag, false, AT_SYMLINK_NOFOLLOW);
+- return 0;
++ return true;
+ }
+ #endif
+
+-typedef int (*tar_extractor_t) (char *file_name, int typeflag);
++typedef bool (*tar_extractor_t) (char *file_name, char typeflag);
+
+ \f
+ /* Prepare to extract a file. Find extractor function.
+- Return true to proceed with the extraction, false to skip the current
+- member. */
++ Return an extractor to proceed with the extraction,
++ a null pointer to skip the current member. */
+
+-static bool
+-prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
++static tar_extractor_t
++prepare_to_extract (char const *file_name, char typeflag)
+ {
+- tar_extractor_t extractor = NULL;
++ tar_extractor_t extractor;
+
+ /* Select the extractor */
+ switch (typeflag)
+@@ -1683,10 +1683,8 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ case CONTTYPE:
+ /* Appears to be a file. But BSD tar uses the convention that a slash
+ suffix means a directory. */
+- if (current_stat_info.had_trailing_slash)
+- extractor = extract_dir;
+- else
+- extractor = extract_file;
++ extractor = (current_stat_info.had_trailing_slash
++ ? extract_dir : extract_file);
+ break;
+
+ case SYMTYPE:
+@@ -1725,18 +1723,18 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ break;
+
+ case GNUTYPE_VOLHDR:
+- return false;
++ return NULL;
+
+ case GNUTYPE_MULTIVOL:
+ ERROR ((0, 0,
+ _("%s: Cannot extract -- file is continued from another volume"),
+ quotearg_colon (current_stat_info.file_name)));
+- return false;
++ return NULL;
+
+ case GNUTYPE_LONGNAME:
+ case GNUTYPE_LONGLINK:
+ ERROR ((0, 0, _("Unexpected long name header")));
+- return false;
++ return NULL;
+
+ default:
+ WARNOPT (WARN_UNKNOWN_CAST,
+@@ -1749,7 +1747,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ if (EXTRACT_OVER_PIPE)
+ {
+ if (extractor != extract_file)
+- return false;
++ return NULL;
+ }
+ else
+ {
+@@ -1763,7 +1761,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ && errno && errno != ENOENT)
+ {
+ unlink_error (file_name);
+- return false;
++ return NULL;
+ }
+ break;
+
+@@ -1773,7 +1771,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ WARNOPT (WARN_IGNORE_NEWER,
+ (0, 0, _("Current %s is newer or same age"),
+ quote (file_name)));
+- return false;
++ return NULL;
+ }
+ break;
+
+@@ -1781,9 +1779,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun)
+ break;
+ }
+ }
+- *fun = extractor;
+-
+- return true;
++ return extractor;
+ }
+
+ /* Extract a file from the archive. */
+@@ -1791,7 +1787,6 @@ void
+ extract_archive (void)
+ {
+ char typeflag;
+- tar_extractor_t fun;
+ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+@@ -1841,12 +1836,14 @@ extract_archive (void)
+
+ /* Extract the archive entry according to its type. */
+ /* KLUDGE */
+- typeflag = sparse_member_p (¤t_stat_info) ?
+- GNUTYPE_SPARSE : current_header->header.typeflag;
++ typeflag = (sparse_member_p (¤t_stat_info)
++ ? GNUTYPE_SPARSE : current_header->header.typeflag);
+
+- if (prepare_to_extract (current_stat_info.file_name, typeflag, &fun))
++ tar_extractor_t fun = prepare_to_extract (current_stat_info.file_name,
++ typeflag);
++ if (fun)
+ {
+- if (fun (current_stat_info.file_name, typeflag) == 0)
++ if (fun (current_stat_info.file_name, typeflag))
+ return;
+ }
+ else
+--
+2.44.1
+
diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
new file mode 100644
index 00000000000..c3a94db5a05
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch
@@ -0,0 +1,169 @@
+From a934d62acc1edc202e93e9f1b38eff1d880568a0 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 12 May 2025 17:17:21 +0300
+Subject: [PATCH] Handle directory members consistently when listing and when
+ extracting.
+
+* src/list.c (skim_member): Recognize directory members using
+the same rules as during extraction.
+* tests/skipdir.at: New testcase.
+* tests/testsuite.at: Add new test.
+* tests/Makefile.am: Likewise.
+
+CVE: CVE-2026-5704
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b009124ffde415515081db844d7a104e1d1c6c58]
+
+(cherry picked from commit b009124ffde415515081db844d7a104e1d1c6c58)
+Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
+---
+ src/list.c | 22 ++++++++++++++++--
+ tests/Makefile.am | 1 +
+ tests/skipdir.at | 56 ++++++++++++++++++++++++++++++++++++++++++++++
+ tests/testsuite.at | 3 ++-
+ 4 files changed, 79 insertions(+), 3 deletions(-)
+ create mode 100644 tests/skipdir.at
+
+diff --git a/src/list.c b/src/list.c
+index e9a68159..928779e1 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -1440,6 +1440,23 @@ skip_member (void)
+ skim_member (false);
+ }
+
++static bool
++member_is_dir (struct tar_stat_info *info, char typeflag)
++{
++ switch (typeflag) {
++ case AREGTYPE:
++ case REGTYPE:
++ case CONTTYPE:
++ return info->had_trailing_slash;
++
++ case DIRTYPE:
++ return true;
++
++ default:
++ return false;
++ }
++}
++
+ /* Skip the current member in the archive.
+ If MUST_COPY, always copy instead of skipping. */
+ void
+@@ -1447,14 +1464,15 @@ skim_member (bool must_copy)
+ {
+ if (!current_stat_info.skipped)
+ {
+- char save_typeflag = current_header->header.typeflag;
++ bool is_dir = member_is_dir (¤t_stat_info,
++ current_header->header.typeflag);
+ set_next_block_after (current_header);
+
+ mv_begin_read (¤t_stat_info);
+
+ if (current_stat_info.is_sparse)
+ sparse_skim_file (¤t_stat_info, must_copy);
+- else if (save_typeflag != DIRTYPE)
++ else if (!is_dir)
+ skim_file (current_stat_info.stat.st_size, must_copy);
+
+ mv_end ();
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 1884b722..6cf726c0 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -240,6 +240,7 @@ TESTSUITE_AT = \
+ shortrec.at\
+ shortupd.at\
+ sigpipe.at\
++ skipdir.at\
+ sparse01.at\
+ sparse02.at\
+ sparse03.at\
+diff --git a/tests/skipdir.at b/tests/skipdir.at
+new file mode 100644
+index 00000000..7106ee74
+--- /dev/null
++++ b/tests/skipdir.at
+@@ -0,0 +1,56 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++
++# Test suite for GNU tar.
++# Copyright 2025 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++# Description: determining member type when listing and extracting
++# should follow the same principles.
++#
++# Until version 1.35 the same archive member could have been processed
++# as a directory when extracting and as a regular file when being
++# skipped during listing.
++#
++# References: https://savannah.gnu.org/patch/index.php?10100
++
++AT_SETUP([skip directory members])
++AT_KEYWORDS([skipdir])
++AT_DATA([archive.in],
++[/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4Cf/AG1dADedyh4ubnxHHIi7Cen6orusgKqY3paKeQwp
++3//HS9EIT7Hm+MsndXfRntXVt8mu8oDpLOfC+AB9VldyCtp2jqOfTwa455qfGAcONPn6WWDgsaAh
++O2Y6ptXuaF/vdaNkub7SkOBME8jHYITT5QAAAAAAHtdcflb5Zw8AAYkBgFAAAPYgb0axxGf7AgAA
++AAAEWVo=
++])
++AT_CHECK([base64 --help >/dev/null 2>&1 || AT_SKIP_TEST
++xz --help >/dev/null 2>&1 || AT_SKIP_TEST
++base64 -d < archive.in | xz -c -d > archive.tar
++])
++AT_CHECK([tar tf archive.tar],
++[0],
++[owo1/
++owo2/
++])
++AT_CHECK([tar vxf archive.tar],
++[0],
++[owo1/
++owo2/
++])
++AT_CHECK([tar -xvf archive.tar --exclude owo1],
++[0],
++[owo2/
++])
++AT_CLEANUP
+diff --git a/tests/testsuite.at b/tests/testsuite.at
+index 44ae773b..f2229be1 100644
+--- a/tests/testsuite.at
++++ b/tests/testsuite.at
+@@ -464,7 +464,7 @@ AT_BANNER([Volume operations])
+ m4_include([volume.at])
+ m4_include([volsize.at])
+
+-AT_BANNER()
++AT_BANNER([Various tests])
+ m4_include([comprec.at])
+ m4_include([shortfile.at])
+ m4_include([shortupd.at])
+@@ -473,6 +473,7 @@ m4_include([truncate.at])
+ m4_include([grow.at])
+ m4_include([sigpipe.at])
+ m4_include([comperr.at])
++m4_include([skipdir.at])
+
+ AT_BANNER([Removing files after archiving])
+ m4_include([remfiles01.at])
+--
+2.44.1
+
diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
new file mode 100644
index 00000000000..d38b46b8ecd
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch
@@ -0,0 +1,176 @@
+From 4e742fc8674064a9fa00d4483d06aca48d5b0463 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sat, 26 Jul 2025 21:41:23 -0700
+Subject: [PATCH] --no-overwrite-dir no overwrite even temporarily
+
+Problem and fix reported by Pavel Cahyna in
+https://lists.gnu.org/r/bug-tar/2025-01/msg00000.html
+* src/extract.c (extract_dir): With --no-overwrite-dir,
+skip the chmod if the directory already exists.
+* tests/extrac23.at (--no-overwrite-dir on empty directory):
+Move the part of the test that looks at a nonempty directory ...
+* tests/extrac30.at: ... to this new file, because the test now
+must be run as non-root. Adjust the test to match the new behavior.
+* tests/Makefile.am (TESTSUITE_AT), tests/testsuite.at: Add it.
+
+CVE: CVE-2026-5704
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=4e742fc8674064a9fa00d4483d06aca48d5b0463]
+
+Backport Changes:
+- Omit the NEWS update.
+- Adapt tests/Makefile.am and tests/testsuite.at context to the tar-1.35
+ test list carried by OE-Core.
+
+(cherry picked from commit 4e742fc8674064a9fa00d4483d06aca48d5b0463)
+Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
+---
+diff --git a/src/extract.c b/src/extract.c
+index 3bf0d77..4ed19b6 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1102,31 +1102,6 @@ extract_dir (char *file_name, MAYBE_UNUSED char typeflag)
+ repair_delayed_set_stat (file_name, &st);
+ return true;
+ }
+- else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES)
+- {
+- /* Temporarily change the directory mode to a safe
+- value, to be able to create files in it, should
+- the need be.
+- */
+- mode = safe_dir_mode (&st);
+- status = fd_chmod (-1, file_name, mode,
+- AT_SYMLINK_NOFOLLOW, DIRTYPE);
+- if (status == 0)
+- {
+- /* Store the actual directory mode, to be restored
+- later.
+- */
+- current_stat_info.stat = st;
+- current_mode = mode & ~ current_umask;
+- current_mode_mask = MODE_RWX;
+- atflag = AT_SYMLINK_NOFOLLOW;
+- break;
+- }
+- else
+- {
+- chmod_error_details (file_name, mode);
+- }
+- }
+ break;
+ }
+ }
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index baeb55b..a75abdb 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -133,6 +133,7 @@ TESTSUITE_AT = \
+ extrac23.at\
+ extrac24.at\
+ extrac25.at\
++ extrac30.at\
+ extrac32.at\
+ filerem01.at\
+ filerem02.at\
+diff --git a/tests/extrac23.at b/tests/extrac23.at
+index cb63ebb..efc9a32 100644
+--- a/tests/extrac23.at
++++ b/tests/extrac23.at
+@@ -15,15 +15,12 @@
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
+-AT_SETUP([--no-overwrite-dir])
++AT_SETUP([--no-overwrite-dir on empty directory])
+ AT_KEYWORDS([extract extrac23 no-overwrite-dir])
+
+ # Description: Implementation of the --no-overwrite-dir option was flawed in
+ # tar versions up to 1.32.90. This option is intended to preserve metadata
+ # of existing directories. In fact it worked only for non-empty directories.
+-# Moreover, if the actual directory was owned by the user tar runs as and the
+-# S_IWUSR bit was not set in its actual permissions, tar failed to create files
+-# in it.
+ #
+ # Reported by: Michael Kaufmann <mail@michael-kaufmann.ch>
+ # References: <20200207112934.Horde.anXzYhAj2CHiwUrw5CuT0G-@webmail.michael-kaufmann.ch>,
+@@ -38,21 +35,10 @@ chmod 777 dir
+ tar -xf a.tar --no-overwrite-dir
+ genfile --stat=mode.777 dir
+
+-# Test if temporary permissions are set correctly to allow the owner
+-# to write to the directory.
+-genfile --file dir/file
+-tar cf a.tar dir
+-rm dir/file
+-chmod 400 dir
+-tar -xf a.tar --no-overwrite-dir
+-genfile --stat=mode.777 dir
+-chmod 700 dir
+ find dir
+ ],
+ [0],
+ [777
+-400
+ dir
+-dir/file
+ ])
+ AT_CLEANUP
+diff --git a/tests/extrac30.at b/tests/extrac30.at
+new file mode 100644
+index 0000000..8c879c9
+--- /dev/null
++++ b/tests/extrac30.at
+@@ -0,0 +1,47 @@
++# Test suite for GNU tar. -*- Autotest -*-
++# Copyright 2020-2025 Free Software Foundation, Inc.
++#
++# This file is part of GNU tar.
++#
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++AT_SETUP([--no-overwrite-dir on unwritable directory])
++AT_KEYWORDS([extract extrac30 no-overwrite-dir])
++
++# Make sure that tar does not change permissions on directories if
++# --no-overwrite-dir tells it not to, not even temporarily.
++
++AT_TAR_CHECK([
++AT_UNPRIVILEGED_PREREQ
++
++# Test that the user cannot write to a unwritable directory
++# if --no-overwrite-dir is used.
++mkdir dir
++chmod 755 dir
++genfile --file dir/file
++tar cf a.tar dir
++rm dir/file
++chmod 555 dir
++tar -xf a.tar --no-overwrite-dir
++genfile --stat=mode.777 dir
++chmod 755 dir
++find dir
++],
++[0],
++[555
++dir
++],
++[tar: dir/file: Cannot open: Permission denied
++tar: Exiting with failure status due to previous errors
++])
++AT_CLEANUP
+diff --git a/tests/testsuite.at b/tests/testsuite.at
+index 5875700..331a6e3 100644
+--- a/tests/testsuite.at
++++ b/tests/testsuite.at
+@@ -352,0 +353 @@
++m4_include([extrac30.at])
diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704.patch
new file mode 100644
index 00000000000..81c6df37128
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2026-5704.patch
@@ -0,0 +1,556 @@
+From b97bbb10103a911d418015b7ff41384af0419952 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 22 Mar 2026 12:19:40 -0700
+Subject: [PATCH] Fix more -t/-x discrepancies
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem reported by Guillermo de Angel in:
+https://lists.gnu.org/r/bug-tar/2026-03/msg00007.html
+* THANKS: Add him, and sort.
+* src/extract.c (extract_dir, extract_file):
+* src/incremen.c (purge_directory):
+Do not call skip_member, as the caller now does that, and does it
+more reliably.
+* src/extract.c (extract_file):
+Mark file as skipped when we’ve read it.
+(extract_archive): Always call skip_member after extracting,
+as it suppresses the skip as needed.
+* src/incremen.c (try_purge_directory): Remove; no longer
+needed. Move internals to purge_directory.
+* src/list.c (read_header): Do not treat LNKTYPE header as having
+size zero, as it can be nonzero (e.g., ‘pax -o linkdata’).
+Set info->skipped field according to how the header was read.
+(member_is_dir): Remove; no longer needed.
+(skim_member): Skip directory data too, unless it’s already been
+skipped (i.e., read).
+* tests/extrac32.at: New file.
+* tests/Makefile.am (TESTSUITE_AT):
+* tests/testsuite.at:
+Add it.
+* tests/skipdir.at (skip directory members):
+Fix test to match the correct behavior.
+This fixes a bug introduced in commit
+b009124ffde415515081db844d7a104e1d1c6c58
+dated 2025-05-12 17:17:21 +0300.
+
+CVE: CVE-2026-5704
+Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3]
+
+Backport Changes:
+- Replaced UNNAMED(typeflag) with MAYBE_UNUSED char typeflag in extract_dir()
+ under src/extract.c, as the UNNAMED macro is not available in tar 1.35
+ (introduced later in upstream commit 9280aa3807c1 "Prefer UNNAMED to
+ MAYBE_UNUSED").
+- THANKS file context difference: tar 1.35 has "Jurgen Botz" (ASCII),
+ while upstream has "Jürgen Botz" (UTF-8 umlaut), changed in upstream
+ commit 390950282d98 ("maint: fix some encodings and email addresses");
+ the removed line in the diff reflects the tar 1.35 spelling.
+
+(cherry picked from commit b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3)
+Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
+---
+ THANKS | 30 +++++++++++++++--------------
+ src/extract.c | 23 ++++++----------------
+ src/incremen.c | 22 +++++++--------------
+ src/list.c | 48 +++++++++++++++-------------------------------
+ tests/Makefile.am | 1 +
+ tests/extrac32.at | 47 +++++++++++++++++++++++++++++++++++++++++++++
+ tests/skipdir.at | 6 +-----
+ tests/testsuite.at | 1 +
+ 8 files changed, 94 insertions(+), 84 deletions(-)
+ create mode 100644 tests/extrac32.at
+
+diff --git a/THANKS b/THANKS
+index aee0a924..03fa49d5 100644
+--- a/THANKS
++++ b/THANKS
+@@ -6,6 +6,7 @@ Many people further contributed to GNU tar by reporting problems,
+ suggesting various improvements or submitting actual code. Here is a
+ list of these people. Help me keep it complete and exempt of errors.
+ See various ChangeLogs for a detailed description of contributions.
++This listed is sorted via "LC_ALL=C sort".
+
+ Aage Robeck aagero@ifi.uio.no
+ Adam Borowski kilobyte@angband.pl
+@@ -36,8 +37,8 @@ Andrew J. Schorr schorr@ead.dsa.com
+ Andrew Torda torda@igc.chem.ethz.ch
+ Andrey A. Chernov ache@astral.msk.su
+ Andy Gay andy@rdl.co.uk
+-Antonio Jose Coutinho ajc@di.uminho.pt
+ Anthony G. Basile blueness@gentoo.org
++Antonio Jose Coutinho ajc@di.uminho.pt
+ Ariel Faigon ariel@engr.sgi.com
+ Arne Wichmann aw@math.uni-sb.de
+ Arnold Robbins arnold@gnu.org
+@@ -79,9 +80,9 @@ Cesar Romani romani@ifm.uni-hamburg.de
+ Chad Hurwitz churritz@cts.com
+ Chance Reschke creschke@usra.edu
+ Charles Fu ccwf@klab.caltech.edu
+-Charles McGarvey chazmcgarvey@brokenzipper.com
+ Charles Lopes Charles.Lopes@infm.ulst.ac.uk
+ Charles M. Hannum mycroft@gnu.org
++Charles McGarvey chazmcgarvey@brokenzipper.com
+ Chip Salzenberg tct!chip
+ Chris Arthur csa@gnu.org
+ Chris F.M. Verberne verberne@prl.philips.nl
+@@ -93,9 +94,9 @@ Christian Callsen Christian.Callsen@eng.sun.com
+ Christian Kirsch ck@held.mind.de
+ Christian Laubscher christian.laubscher@tiscalinet.ch
+ Christian T. Dum ctd@mpe-garching.mpg.de
+-Christian von Roques roques@pond.sub.org
+-Christian Wetzel wetzel@phoenix-pacs.de
+ Christian Weisgerber naddy@mips.inka.de
++Christian Wetzel wetzel@phoenix-pacs.de
++Christian von Roques roques@pond.sub.org
+ Christoph Litauer litauer@mailhost.uni-koblenz.de
+ Christophe Colle colle@krtkg1.rug.ac.be
+ Christophe Kalt Christophe.Kalt@kbcfp.com
+@@ -117,8 +118,8 @@ Dan Bloch dan@transarc.com
+ Dan Drake dan@dandrake.org
+ Dan Reish dreish@izzy.net
+ Daniel Hagerty hag@gnu.org
+-Daniel Quinlan quinlan@pathname.com
+ Daniel Kahn Gillmor dkg@fifthhorseman.net
++Daniel Quinlan quinlan@pathname.com
+ Daniel R. Guilderson d.guilderson@ma30.bull.com
+ Daniel S. Barclay daniel@compass-da.com
+ Daniel Trinkle trinkle@cs.purdue.edu
+@@ -198,6 +199,7 @@ Greg Hudson ghudson@mit.edu
+ Greg Maples greg@clari.net
+ Greg McGary gkm@cstone.net
+ Greg Schafer gschafer@zip.com.au
++Guillermo de Angel gdeangelg@gmail.com
+ Göran Uddeborg gvran@uddeborg.pp.se
+ Gürkan Karaman karaman@dssgmbh.de
+ Hans Guerth 100664.3101@compuserve.com
+@@ -222,6 +224,7 @@ Indra Singhal indra@synoptics.com
+ J. Dean Brock brock@cs.unca.edu
+ J.J. Bailey jjb@jagware.bcc.com
+ J.T. Conklin jtc@cygnus.com
++James Antill jantill@redhat.com
+ James Crawford Ralston qralston+@pitt.edu
+ James E. Carpenter jimc@zach1.tiac.net
+ James H Caldwell Jr caldwell@cs.fsu.edu
+@@ -233,15 +236,15 @@ Jan Carlson janc@sni.ca
+ Jan Djarv jan.djarv@mbox200.swipnet.se
+ Janice Burton r06a165@bcc25.kodak.com
+ Janne Snabb snabb@niksula.hut.fi
+-Jason R. Mastaler jason@webmaster.net
+ Jason Armistead Jason.Armistead@otis.com
++Jason R. Mastaler jason@webmaster.net
+ Jay Fenlason hack@gnu.org
+ Jean-Louis Martineau martineau@zmanda.com
+-Jean-Michel Soenen soenen@lectra.fr
+ Jean-Loup Gailly jloup@chorus.fr
+-Jeff Moskow jeff@rtr.com
++Jean-Michel Soenen soenen@lectra.fr
+ Jean-Ph. Martin-Flatin syj@ecmwf.int
+ Jean-Pierre Demailly Jean-Pierre.Demailly@ujf-grenoble.fr
++Jeff Moskow jeff@rtr.com
+ Jeff Prothero jsp@betz.biostr.washington.edu
+ Jeff Siegel js@hornet.att.com
+ Jeff Sorensen sorenj@alumni.rpi.edu
+@@ -249,7 +252,6 @@ Jeffrey Goldberg J.Goldberg@cranfield.ac.uk
+ Jeffrey Mark Siskind Qobi@emba.uvm.edu
+ Jeffrey W. Parker jwpkr@mcs.com
+ Jens Henrik Jensen recjhl@mediator.uni-c.dk
+-Jérémy Bobbio lunar@debian.org
+ Jim Blandy jimb@totoro.cs.oberlin.edu
+ Jim Clausing jac@postbox.acs.ohio-state.edu
+ Jim Farrell jwf@platinum.com
+@@ -283,13 +285,14 @@ Joutsiniemi Tommi Il tj75064@cs.tut.fi
+ Joy Kendall jak8@world.std.com
+ Judy Ricker jricker@gdstech.grumman.com
+ Juha Sarlin juha@tds.kth.se
+-Jurgen Botz jbotz@orixa.mtholyoke.edu
+ Jyh-Shyang Wang erik@vsp.ee.nctu.edu.tw
++Jérémy Bobbio lunar@debian.org
+ Jörg Schilling schilling@fokus.fraunhofer.de
+-Jörg Weule weule@cs.uni-duesseldorf.de
+ Jörg Weilbier gnu@weilbier.net
++Jörg Weule weule@cs.uni-duesseldorf.de
+ Jörgen Hågg Jorgen.Hagg@axis.se
+ Jörgen Weigert jw@suse.de
++Jürgen Botz jbotz@orixa.mtholyoke.edu
+ Jürgen Lüters jlueters@t-online.de
+ Jürgen Reiss reiss@psychologie.uni-wuerzburg.de
+ Kai Petzke wpp@marie.physik.tu-berlin.de
+@@ -311,7 +314,6 @@ Kimmy Posey kimmyd@bnr.ca
+ Koji Kishi kis@rqa.sony.co.jp
+ Konno Hiroharu konno@pac.co.jp
+ Kurt Jaeger pi@lf.net
+-James Antill jantill@redhat.com
+ Larry Creech lcreech@lonestar.rcclub.org
+ Larry Schwimmer rosebud@cyclone.stanford.edu
+ Lasse Collin lasse.collin@tukaani.org
+@@ -394,7 +396,6 @@ Oswald P. Backus IV backus@lks.csi.com
+ Pascal Meheut pascal@cnam.cnam.fr
+ Patrick Fulconis fulco@sig.uvsq.fr
+ Patrick Timmons timmons@electech.polymtl.ca
+-Pavel Raiskup praiskup@redhat.com
+ Paul Eggert eggert@twinsun.com
+ Paul Kanz paul@icx.com
+ Paul Mitchell P.Mitchell@surrey.ac.uk
+@@ -402,6 +403,7 @@ Paul Nevai pali+@osu.edu
+ Paul Nordstrom 100067.3532@compuserve.com
+ Paul O'Connor oconnorp@ul.ie
+ Paul Siddall pauls@postman.essex.ac.uk
++Pavel Raiskup praiskup@redhat.com
+ Peder Chr. Norgaard pcn@tbit.dk
+ Pekka Janhunen Pekka.Janhunen@fmi.fi
+ Per Bojsen pb@delta.dk
+@@ -420,9 +422,9 @@ Piotr Rotter piotr.rotter@active24.pl
+ R. Kent Dybvig dyb@cadence.bloomington.in.us
+ R. Scott Butler butler@prism.es.dupont.com
+ Rainer Orth ro@TechFak.Uni-Bielefeld.DE
+-Ralf Wildenhues Ralf.Wildenhues@gmx.de
+ Ralf S. Engelschall rse@engelschall.com
+ Ralf Suckow suckow@contrib.de
++Ralf Wildenhues Ralf.Wildenhues@gmx.de
+ Ralph Corderoy ralph@inputplus.co.uk
+ Ralph Schleicher rs@purple.ul.bawue.de
+ Randy Bias randyb@edge.edge.net
+diff --git a/src/extract.c b/src/extract.c
+index b384fed3..3bf0d77e 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1037,7 +1037,7 @@ safe_dir_mode (struct stat const *st)
+ /* Extractor functions for various member types */
+
+ static bool
+-extract_dir (char *file_name, char typeflag)
++extract_dir (char *file_name, MAYBE_UNUSED char typeflag)
+ {
+ int status;
+ mode_t mode;
+@@ -1060,8 +1060,6 @@ extract_dir (char *file_name, char typeflag)
+ if (incremental_option)
+ /* Read the entry and delete files that aren't listed in the archive. */
+ purge_directory (file_name);
+- else if (typeflag == GNUTYPE_DUMPDIR)
+- skip_member ();
+
+ mode = safe_dir_mode (¤t_stat_info.stat);
+
+@@ -1266,10 +1264,7 @@ extract_file (char *file_name, char typeflag)
+ {
+ fd = sys_exec_command (file_name, 'f', ¤t_stat_info);
+ if (fd < 0)
+- {
+- skip_member ();
+- return true;
+- }
++ return true;
+ }
+ else
+ {
+@@ -1289,7 +1284,6 @@ extract_file (char *file_name, char typeflag)
+ int recover = maybe_recoverable (file_name, true, &interdir_made);
+ if (recover != RECOVER_OK)
+ {
+- skip_member ();
+ if (recover == RECOVER_SKIP)
+ return true;
+ open_error (file_name);
+@@ -1337,6 +1331,7 @@ extract_file (char *file_name, char typeflag)
+ }
+
+ skim_file (size, false);
++ current_stat_info.skipped = true;
+
+ mv_end ();
+
+@@ -1841,15 +1836,9 @@ extract_archive (void)
+
+ tar_extractor_t fun = prepare_to_extract (current_stat_info.file_name,
+ typeflag);
+- if (fun)
+- {
+- if (fun (current_stat_info.file_name, typeflag))
+- return;
+- }
+- else
+- skip_member ();
+-
+- if (backup_option)
++ bool ok = fun && fun (current_stat_info.file_name, typeflag);
++ skip_member ();
++ if (!ok && backup_option)
+ undo_last_backup ();
+ }
+
+diff --git a/src/incremen.c b/src/incremen.c
+index 7bcfdb93..194d5cb1 100644
+--- a/src/incremen.c
++++ b/src/incremen.c
+@@ -1625,8 +1625,8 @@ dumpdir_ok (char *dumpdir)
+
+ /* Examine the directories under directory_name and delete any
+ files that were not there at the time of the back-up. */
+-static bool
+-try_purge_directory (char const *directory_name)
++void
++purge_directory (char const *directory_name)
+ {
+ char *current_dir;
+ char *cur, *arc, *p;
+@@ -1634,18 +1634,18 @@ try_purge_directory (char const *directory_name)
+ struct dumpdir *dump;
+
+ if (!is_dumpdir (¤t_stat_info))
+- return false;
++ return;
+
+ current_dir = tar_savedir (directory_name, 0);
+
+ if (!current_dir)
+ /* The directory doesn't exist now. It'll be created. In any
+ case, we don't have to delete any files out of it. */
+- return false;
++ return;
+
+ /* Verify if dump directory is sane */
+ if (!dumpdir_ok (current_stat_info.dumpdir))
+- return false;
++ return;
+
+ /* Process renames */
+ for (arc = current_stat_info.dumpdir; *arc; arc += strlen (arc) + 1)
+@@ -1666,7 +1666,7 @@ try_purge_directory (char const *directory_name)
+ quote (temp_stub)));
+ free (temp_stub);
+ free (current_dir);
+- return false;
++ return;
+ }
+ }
+ else if (*arc == 'R')
+@@ -1700,7 +1700,7 @@ try_purge_directory (char const *directory_name)
+ free (current_dir);
+ /* FIXME: Make sure purge_directory(dst) will return
+ immediately */
+- return false;
++ return;
+ }
+ }
+ }
+@@ -1758,14 +1758,6 @@ try_purge_directory (char const *directory_name)
+ dumpdir_free (dump);
+
+ free (current_dir);
+- return true;
+-}
+-
+-void
+-purge_directory (char const *directory_name)
+-{
+- if (!try_purge_directory (directory_name))
+- skip_member ();
+ }
+
+ void
+diff --git a/src/list.c b/src/list.c
+index 928779e1..c9623eb4 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -437,20 +437,15 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ if ((status = tar_checksum (header, false)) != HEADER_SUCCESS)
+ break;
+
+- /* Good block. Decode file size and return. */
+-
+- if (header->header.typeflag == LNKTYPE)
+- info->stat.st_size = 0; /* links 0 size on tape */
+- else
++ info->stat.st_size = OFF_FROM_HEADER (header->header.size);
++ if (info->stat.st_size < 0)
+ {
+- info->stat.st_size = OFF_FROM_HEADER (header->header.size);
+- if (info->stat.st_size < 0)
+- {
+- status = HEADER_FAILURE;
+- break;
+- }
++ status = HEADER_FAILURE;
++ break;
+ }
+
++ info->skipped = false;
++
+ if (header->header.typeflag == GNUTYPE_LONGNAME
+ || header->header.typeflag == GNUTYPE_LONGLINK
+ || header->header.typeflag == XHDTYPE
+@@ -513,11 +508,15 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ }
+
+ *bp = '\0';
++ info->skipped = true;
+ }
+ else if (header->header.typeflag == XHDTYPE
+ || header->header.typeflag == SOLARIS_XHDTYPE)
+- xheader_read (&info->xhdr, header,
+- OFF_FROM_HEADER (header->header.size));
++ {
++ xheader_read (&info->xhdr, header,
++ OFF_FROM_HEADER (header->header.size));
++ info->skipped = true;
++ }
+ else if (header->header.typeflag == XGLTYPE)
+ {
+ struct xheader xhdr;
+@@ -531,6 +530,7 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ OFF_FROM_HEADER (header->header.size));
+ xheader_decode_global (&xhdr);
+ xheader_destroy (&xhdr);
++ info->skipped = true;
+ if (mode == read_header_x_global)
+ {
+ status = HEADER_SUCCESS_EXTENDED;
+@@ -1440,23 +1440,6 @@ skip_member (void)
+ skim_member (false);
+ }
+
+-static bool
+-member_is_dir (struct tar_stat_info *info, char typeflag)
+-{
+- switch (typeflag) {
+- case AREGTYPE:
+- case REGTYPE:
+- case CONTTYPE:
+- return info->had_trailing_slash;
+-
+- case DIRTYPE:
+- return true;
+-
+- default:
+- return false;
+- }
+-}
+-
+ /* Skip the current member in the archive.
+ If MUST_COPY, always copy instead of skipping. */
+ void
+@@ -1464,18 +1447,17 @@ skim_member (bool must_copy)
+ {
+ if (!current_stat_info.skipped)
+ {
+- bool is_dir = member_is_dir (¤t_stat_info,
+- current_header->header.typeflag);
+ set_next_block_after (current_header);
+
+ mv_begin_read (¤t_stat_info);
+
+ if (current_stat_info.is_sparse)
+ sparse_skim_file (¤t_stat_info, must_copy);
+- else if (!is_dir)
++ else
+ skim_file (current_stat_info.stat.st_size, must_copy);
+
+ mv_end ();
++ current_stat_info.skipped = true;
+ }
+ }
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6cf726c0..baeb55bb 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -133,6 +133,7 @@ TESTSUITE_AT = \
+ extrac23.at\
+ extrac24.at\
+ extrac25.at\
++ extrac32.at\
+ filerem01.at\
+ filerem02.at\
+ grow.at\
+diff --git a/tests/extrac32.at b/tests/extrac32.at
+new file mode 100644
+index 00000000..3829a483
+--- /dev/null
++++ b/tests/extrac32.at
+@@ -0,0 +1,47 @@
++# Check for file injection bug with symlinks. -*- Autotest -*-
++
++# Copyright 2026 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++# Thanks to Guillermo de Angel for the bug report and test cases; see:
++# https://lists.gnu.org/r/bug-tar/2026-03/msg00007.html
++
++AT_SETUP([skip file injection])
++AT_KEYWORDS([injection])
++AT_DATA([archive.in],
++[/Td6WFoAAATm1rRGBMDbAYAcIQEcAAAAAAAAACYr+9LgDf8A010AMZhKvfVdtHe4Rxjj7M03ek97
++UgeKfJ0ORqYg0XDFntWxdTH4PYrTOo9CoqBrnTM2NcwFBrRVr7aFwdd56vddyAw2QGDjxgNexDU3
++ImTi/+z8ZOLMi/+AybdEpd5aA/M9Maa+8tQ84bySzSAwrmxMWJJ6W9IKvsqfiRa3TrD51v44PZU/
++KLVKpocS56n/O3g+b+hiZwaysR0eLO+tiU8FB/e3PEq3vTtDFVi/YfZMieBWSzomSX9eF13K1yPY
++UuWgp7VokXqduL0YGNVV40MTPG9oAAAApD6mpajengIAAfcBgBwAAOM4xw6xxGf7AgAAAAAEWVo=
++])
++AT_CHECK([base64 --help >/dev/null 2>&1 || AT_SKIP_TEST
++xz --help >/dev/null 2>&1 || AT_SKIP_TEST
++base64 -d < archive.in | xz -c -d > archive.tar
++])
++cp archive.tar /tmp
++AT_CHECK([tar tf archive.tar],
++[0],
++[carrier_entry
++marker.txt
++])
++AT_CHECK([tar xvf archive.tar],
++[0],
++[carrier_entry
++marker.txt
++])
++AT_CLEANUP
+diff --git a/tests/skipdir.at b/tests/skipdir.at
+index 7106ee74..a58a20fd 100644
+--- a/tests/skipdir.at
++++ b/tests/skipdir.at
+@@ -42,15 +42,11 @@ base64 -d < archive.in | xz -c -d > archive.tar
+ AT_CHECK([tar tf archive.tar],
+ [0],
+ [owo1/
+-owo2/
+ ])
+ AT_CHECK([tar vxf archive.tar],
+ [0],
+ [owo1/
+-owo2/
+ ])
+ AT_CHECK([tar -xvf archive.tar --exclude owo1],
+-[0],
+-[owo2/
+-])
++[0])
+ AT_CLEANUP
+diff --git a/tests/testsuite.at b/tests/testsuite.at
+index f2229be1..58757005 100644
+--- a/tests/testsuite.at
++++ b/tests/testsuite.at
+@@ -349,6 +349,7 @@ m4_include([extrac22.at])
+ m4_include([extrac23.at])
+ m4_include([extrac24.at])
+ m4_include([extrac25.at])
++m4_include([extrac32.at])
+
+ m4_include([backup01.at])
+
+--
+2.44.1
+
diff --git a/meta/recipes-extended/tar/tar_1.35.bb b/meta/recipes-extended/tar/tar_1.35.bb
index c7bd1d195e5..f7d09a41267 100644
--- a/meta/recipes-extended/tar/tar_1.35.bb
+++ b/meta/recipes-extended/tar/tar_1.35.bb
@@ -48,6 +48,10 @@ SRC_URI += " \
file://0001-tests-fix-TESTSUITE_AT.patch \
file://0002-tests-check-for-recently-fixed-bug.patch \
file://0003-Exclude-VCS-directory-with-writing-from-an-archive.patch \
+ file://CVE-2026-5704-dependent_p1.patch \
+ file://CVE-2026-5704-dependent_p2.patch \
+ file://CVE-2026-5704.patch \
+ file://CVE-2026-5704-regression.patch \
"
inherit ptest
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection Yoann Congal
` (20 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Nate Kent <nathan@otiv.ai>
[YOCTO #16321]
In version 1.9.17p2, the line that the recipe uses to add the 'wheel'
group to the sudoers file does not exist. This updates the sed usage to
the actual line in question.
Signed-off-by: Nate Kent <nathan@otiv.ai>
Tested-by: Siva Balasubramanian <sivakumar.bs@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 76231f202a437be221c2580d4fa0fc100c453e92)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
index c934dfdce27..90672ed7afd 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb
@@ -34,7 +34,7 @@ do_install:append () {
install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo
if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then
echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo
- sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
+ sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers
fi
fi
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Yoann Congal
` (19 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Jaipaul Cheernam <jaipaul.cheernam@est.tech>
libcurl's SMB handler marks connections for reuse (connkeep) without
verifying that subsequent requests target the same share. This allows
a second SMB request to the same host to reuse a connection
authenticated for a different share, potentially accessing data
without proper authorization.
The upstream fix removes connection reuse for SMB entirely in
lib/protocol.c, a file introduced in curl 8.20.0. For 8.7.1, the
equivalent fix is changing connkeep() to connclose() in lib/smb.c,
which prevents the connection from being returned to the pool.
Tested with SMBv1 server (Docker dperson/samba):
Without patch: "Re-using existing connection" for different shares
With patch: New connection per request, no reuse
Binary verified: Curl_conncontrol arg changes from 0 (KEEP) to 1 (CLOSE)
Reference: https://curl.se/docs/CVE-2026-5773.html
Signed-off-by: Jaipaul Cheernam <jaipaul.cheernam@est.tech>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../curl/curl/CVE-2026-5773.patch | 40 +++++++++++++++++++
meta/recipes-support/curl/curl_8.7.1.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-5773.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2026-5773.patch b/meta/recipes-support/curl/curl/CVE-2026-5773.patch
new file mode 100644
index 00000000000..42ec2b5a5ff
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2026-5773.patch
@@ -0,0 +1,40 @@
+From 74a169575d6412dc0ff532acdf94de35a6c2a571 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 5 Apr 2026 18:23:35 +0200
+Subject: [PATCH] protocol: disable connection reuse for SMB(S)
+
+Connections should only be reused when using the same "share" (and
+perhaps some additional conditions), but instead of fixing this flaw,
+this change completely disables connection reuse for SMB. This protocol
+is about to get dropped soon anyway.
+
+Reported-by: Osama Hamad
+Closes #21238
+
+CVE: CVE-2026-5773
+Upstream-Status: Backport [https://github.com/curl/curl/commit/74a169575d6412dc0ff532acdf94de35a6c2a571]
+
+Note: The upstream fix targets lib/protocol.c which was introduced in
+curl 8.20.0. In 8.7.1 the equivalent is changing connkeep() to
+connclose() in lib/smb.c, which prevents the connection from being
+returned to the pool. The effect is identical.
+
+Signed-off-by: Jaipaul Cheernam <jaipaul.cheernam@est.tech>
+---
+ lib/smb.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/smb.c b/lib/smb.c
+index 7c73cbcec..a1f5c9b31 100644
+--- a/lib/smb.c
++++ b/lib/smb.c
+@@ -461,8 +461,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done)
+ if(!smbc->send_buf)
+ return CURLE_OUT_OF_MEMORY;
+
+- /* Multiple requests are allowed with this connection */
+- connkeep(conn, "SMB default");
++ connclose(conn, "SMB default");
+
+ /* Parse the username, domain, and password */
+ slash = strchr(conn->user, '/');
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index 14d63d63733..d0267317517 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -36,6 +36,7 @@ SRC_URI = " \
file://CVE-2026-1965-2.patch \
file://CVE-2026-3783.patch \
file://CVE-2026-3784.patch \
+ file://CVE-2026-5773.patch \
"
SRC_URI:append:class-nativesdk = " \
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (4 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-14 12:54 ` Paul Barker
2026-07-09 10:06 ` [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113 Yoann Congal
` (18 subsequent siblings)
24 siblings, 1 reply; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Harish Sadineni <Harish.Sadineni@windriver.com>
CVE-2025-69648 was marked as a duplicate of CVE-2025-69646. The
existing patch already fixes the issue associated with both CVEs.
Update the "CVE:" tag to reference both identifiers.
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
index e04d7ed6c21..e123273338c 100644
--- a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch
@@ -19,7 +19,7 @@ length field.
(display_debug_ranges): Check display_debug_rnglists_unit_header
return status. Stop output on error.
-CVE: CVE-2025-69648
+CVE: CVE-2025-69648 CVE-2025-69646
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33]
(cherry picked from commit 598704a00cbac5e85c2bedd363357b5bf6fcee33)
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (5 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114 Yoann Congal
` (17 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Backport patch [1] mentionned in [2]
[1] https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25
[2] https://security-tracker.debian.org/tracker/CVE-2026-56113
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../dhcpcd/dhcpcd_10.0.6.bb | 1 +
.../dhcpcd/files/CVE-2026-56113.patch | 92 +++++++++++++++++++
2 files changed, 93 insertions(+)
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
index 6bde9b1f515..65dcbe52ec9 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
file://dhcpcd.service \
file://dhcpcd@.service \
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
+ file://CVE-2026-56113.patch \
"
SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
new file mode 100644
index 00000000000..6727bc1a69f
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch
@@ -0,0 +1,92 @@
+From 9f953ada0df6e7a568f006f3ae0ff10a77a95924 Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Tue, 23 Jun 2026 02:17:10 +0100
+Subject: [PATCH] DHCPv6: When deprecating addresses, restart on prefix
+ deletions
+
+As that might invalidate the next address to iterate on.
+
+Reported-by: CuB3y0nd <root@cubeyond.net>
+
+(cherry picked from commit 5733d3c59a5651f64357ac11c98b4f39895c8d25)
+
+CVE: CVE-2026-56113
+Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ src/dhcp6.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index bdc3664e..5154bf41 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -2480,12 +2480,13 @@ dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l,
+ }
+
+ #ifndef SMALL
+-static void
++static bool
+ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ {
+ struct ipv6_addr *da, *dan, *dda;
+ struct timespec now;
+ struct dhcp6_state *state;
++ bool freed = false;
+
+ timespecclear(&now);
+ TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) {
+@@ -2511,11 +2512,14 @@ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr))
+ break;
+ }
+- if (dda != NULL) {
++ if (dda != ia && dda != NULL) {
+ TAILQ_REMOVE(&state->addrs, dda, next);
+ ipv6_freeaddr(dda);
++ freed = true;
+ }
+ }
++
++ return freed;
+ }
+ #endif
+
+@@ -2523,7 +2527,11 @@ static void
+ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ {
+ struct ipv6_addr *ia, *ian;
++#ifndef SMALL
++ bool again;
++#endif
+
++again:
+ TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
+ if (ia->flags & IPV6_AF_EXTENDED)
+ ;
+@@ -2545,7 +2553,9 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ /* If we delegated from this prefix, deprecate or remove
+ * the delegations. */
+ if (ia->flags & IPV6_AF_DELEGATEDPFX)
+- dhcp6_deprecatedele(ia);
++ again = dhcp6_deprecatedele(ia);
++ else
++ again = false;
+ #endif
+
+ if (ia->flags & IPV6_AF_REQUEST) {
+@@ -2558,6 +2568,11 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ if (ia->flags & IPV6_AF_EXTENDED)
+ ipv6_deleteaddr(ia);
+ ipv6_freeaddr(ia);
++#ifndef SMALL
++ /* Deletion may invalidate the next pointer so restart */
++ if (again)
++ goto again;
++#endif
+ }
+ }
+
+--
+2.43.0
+
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (6 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117 Yoann Congal
` (16 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Backport patch [1] mentionned in [2]
[1] https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
[2] https://security-tracker.debian.org/tracker/CVE-2026-56114
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../dhcpcd/dhcpcd_10.0.6.bb | 1 +
.../dhcpcd/files/CVE-2026-56114.patch | 34 +++++++++++++++++++
2 files changed, 35 insertions(+)
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
index 65dcbe52ec9..bc87b91503c 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
file://dhcpcd@.service \
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
file://CVE-2026-56113.patch \
+ file://CVE-2026-56114.patch \
"
SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
new file mode 100644
index 00000000000..748dc1ee8ca
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch
@@ -0,0 +1,34 @@
+From fd86ded940524f60174582faa96f583c168589ef Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Tue, 23 Jun 2026 02:06:55 +0100
+Subject: [PATCH] DHCPv6: Prefix exclude option can be 17 octets (#671)
+
+Well that's a simple off by one error
+
+Reported-by: CuB3y0nd <root@cubeyond.net>
+
+(cherry picked from commit 2f00c7bfc408b6582d331932dfa47829c4819029)
+
+CVE: CVE-2026-56114
+Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ src/dhcp6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 5154bf41..1eac9f23 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -1006,7 +1006,7 @@ dhcp6_makemessage(struct interface *ifp)
+
+ /* RFC6603 Section 4.2 */
+ if (ap->prefix_exclude_len) {
+- uint8_t exb[16], *ep, u8;
++ uint8_t exb[17], *ep, u8;
+ const uint8_t *pp;
+
+ n = (size_t)((ap->prefix_exclude_len -
+--
+2.43.0
+
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (7 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177 Yoann Congal
` (15 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Backport patch [1] mentionned in [2]
[1] https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34
[2] https://security-tracker.debian.org/tracker/CVE-2026-56117
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../dhcpcd/dhcpcd_10.0.6.bb | 1 +
.../dhcpcd/files/CVE-2026-56117.patch | 167 ++++++++++++++++++
2 files changed, 168 insertions(+)
create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
index bc87b91503c..e6854e1c7f2 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
file://CVE-2026-56113.patch \
file://CVE-2026-56114.patch \
+ file://CVE-2026-56117.patch \
"
SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
new file mode 100644
index 00000000000..4f79453aeda
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch
@@ -0,0 +1,167 @@
+From 52e0746deeace02b0ea039441d6cdc58f026018d Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Mon, 22 Jun 2026 23:41:53 +0100
+Subject: [PATCH] control: Avoid hangup in the recvdata path
+
+Instead return an error and bubble it up where it can be
+hangup / freed more cleanly.
+
+Reported-by: CuB3y0nd <root@cubeyond.net>
+
+(cherry picked from commit 78ea09ed1633a583dbcde6e7bab9df4639ec8a34)
+
+CVE: CVE-2026-56117
+Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ src/control.c | 47 ++++++++++++++++++++++++-------------------
+ src/control.h | 2 +-
+ src/privsep-control.c | 7 ++++++-
+ 3 files changed, 33 insertions(+), 23 deletions(-)
+
+diff --git a/src/control.c b/src/control.c
+index 17fd13aa..20480f69 100644
+--- a/src/control.c
++++ b/src/control.c
+@@ -115,10 +115,8 @@ control_handle_read(struct fd_list *fd)
+ bytes = read(fd->fd, buffer, sizeof(buffer) - 1);
+ if (bytes == -1)
+ logerr(__func__);
+- if (bytes == -1 || bytes == 0) {
+- control_hangup(fd);
+- return -1;
+- }
++ if (bytes == -1 || bytes == 0)
++ return (int)bytes;
+
+ #ifdef PRIVSEP
+ if (IN_PRIVSEP(fd->ctx)) {
+@@ -134,15 +132,13 @@ control_handle_read(struct fd_list *fd)
+ if (err == 1 &&
+ ps_ctl_sendargs(fd, buffer, (size_t)bytes) == -1) {
+ logerr(__func__);
+- control_free(fd);
+ return -1;
+ }
+- return 0;
++ return 1;
+ }
+ #endif
+
+- control_recvdata(fd, buffer, (size_t)bytes);
+- return 0;
++ return control_recvdata(fd, buffer, (size_t)bytes);
+ }
+
+ static int
+@@ -205,23 +201,31 @@ static void
+ control_handle_data(void *arg, unsigned short events)
+ {
+ struct fd_list *fd = arg;
++ int err;
+
+ if (!(events & (ELE_READ | ELE_WRITE | ELE_HANGUP)))
+ logerrx("%s: unexpected event 0x%04x", __func__, events);
+
+ if (events & ELE_WRITE && !(events & ELE_HANGUP)) {
+- if (control_handle_write(fd) == -1)
+- return;
++ err = control_handle_write(fd);
++ if (err == -1)
++ goto hangup;
+ }
+ if (events & ELE_READ) {
+- if (control_handle_read(fd) == -1)
+- return;
++ err = control_handle_read(fd);
++ if (err == -1 || err == 0)
++ goto hangup;
+ }
+ if (events & ELE_HANGUP)
+- control_hangup(fd);
++ goto hangup;
++
++ return;
++
++hangup:
++ control_hangup(fd);
+ }
+
+-void
++int
+ control_recvdata(struct fd_list *fd, char *data, size_t len)
+ {
+ char *p = data, *e;
+@@ -243,12 +247,13 @@ control_recvdata(struct fd_list *fd, char *data, size_t len)
+ if (e == NULL) {
+ errno = EINVAL;
+ logerrx("%s: no terminator", __func__);
+- return;
++ return -1;
+ }
+- if ((size_t)argc >= sizeof(argvp) / sizeof(argvp[0])) {
++ if ((size_t)argc + 1 >=
++ sizeof(argvp) / sizeof(argvp[0])) {
+ errno = ENOBUFS;
+ logerrx("%s: no arg buffer", __func__);
+- return;
++ return -1;
+ }
+ *ap++ = p;
+ argc++;
+@@ -268,12 +273,12 @@ control_recvdata(struct fd_list *fd, char *data, size_t len)
+ *ap = NULL;
+ if (dhcpcd_handleargs(fd->ctx, fd, argc, argvp) == -1) {
+ logerr(__func__);
+- if (errno != EINTR && errno != EAGAIN) {
+- control_free(fd);
+- return;
+- }
++ if (errno != EINTR && errno != EAGAIN)
++ return -1;
+ }
+ }
++
++ return 1;
+ }
+
+ struct fd_list *
+diff --git a/src/control.h b/src/control.h
+index f5e2bc7e..c5511dd7 100644
+--- a/src/control.h
++++ b/src/control.h
+@@ -75,5 +75,5 @@ struct fd_list *control_new(struct dhcpcd_ctx *, int, unsigned int);
+ void control_free(struct fd_list *);
+ void control_delete(struct fd_list *);
+ int control_queue(struct fd_list *, void *, size_t);
+-void control_recvdata(struct fd_list *fd, char *, size_t);
++int control_recvdata(struct fd_list *fd, char *, size_t);
+ #endif
+diff --git a/src/privsep-control.c b/src/privsep-control.c
+index 40bfb164..954126c0 100644
+--- a/src/privsep-control.c
++++ b/src/privsep-control.c
+@@ -108,6 +108,7 @@ ps_ctl_dispatch(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
+ struct iovec *iov = msg->msg_iov;
+ struct fd_list *fd;
+ unsigned int fd_flags = FD_SENDLEN;
++ int err;
+
+ switch (psm->ps_flags) {
+ case PS_CTL_PRIV:
+@@ -131,7 +132,11 @@ ps_ctl_dispatch(void *arg, struct ps_msghdr *psm, struct msghdr *msg)
+ if (fd == NULL)
+ return -1;
+ ctx->ps_control_client = fd;
+- control_recvdata(fd, iov->iov_base, iov->iov_len);
++ err = control_recvdata(fd, iov->iov_base, iov->iov_len);
++ if (err == -1 || err == 0) {
++ control_free(fd);
++ ctx->ps_control_client = NULL;
++ }
+ break;
+ case PS_CTL_EOF:
+ ctx->ps_control_client = NULL;
+--
+2.43.0
+
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (8 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656 Yoann Congal
` (14 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6]
[1] https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587
[2] https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459
[3] https://github.com/vim/vim/commit/7088926316d8d4a7572a242d0765e99adfc8b083
[4] https://nvd.nist.gov/vuln/detail/CVE-2026-34982
[5] https://nvd.nist.gov/vuln/detail/CVE-2026-34714
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-35177
More info :
CVE-2026-34982 - vim: arbitrary command execution via modeline sandbox bypass.
CVE-2026-34714 - vim: Arbitrary code execution via crafted file.
CVE-2026-35177 - vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-34714.patch | 109 ++++++++++++++++++
.../vim/files/CVE-2026-34982.patch | 105 +++++++++++++++++
.../vim/files/CVE-2026-35177.patch | 60 ++++++++++
meta/recipes-support/vim/vim.inc | 3 +
4 files changed, 277 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-34714.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-34982.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-35177.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-34714.patch b/meta/recipes-support/vim/files/CVE-2026-34714.patch
new file mode 100644
index 00000000000..fef167e535e
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-34714.patch
@@ -0,0 +1,109 @@
+From 664701eb7576edb7c7c7d9f2d600815ec1f43459 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 30 Mar 2026 08:20:43 +0000
+Subject: [PATCH] patch 9.2.0272: [security]: 'tabpanel' can be set in a
+ modeline
+
+Problem: 'tabpanel' can be set in a modeline
+Solution: Set the P_MLE flag for the 'tabpanel' option, disable
+ autocmd_add()/autocomd_delete() functions in restricted/secure
+ mode.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-34714
+Upstream-Status: Backport [https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/autocmd.c | 3 +++
+ src/optiondefs.h | 2 +-
+ src/testdir/test_autocmd.vim | 5 +++++
+ src/testdir/test_tabpanel.vim | 16 ++++++++++++++++
+ src/version.c | 2 ++
+ 5 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/src/autocmd.c b/src/autocmd.c
+index 94f9c1fba4..8a6b363aad 100644
+--- a/src/autocmd.c
++++ b/src/autocmd.c
+@@ -3069,6 +3069,9 @@ autocmd_add_or_delete(typval_T *argvars, typval_T *rettv, int delete)
+ rettv->v_type = VAR_BOOL;
+ rettv->vval.v_number = VVAL_FALSE;
+
++ if (check_restricted() || check_secure())
++ return;
++
+ if (check_for_list_arg(argvars, 0) == FAIL)
+ return;
+
+diff --git a/src/optiondefs.h b/src/optiondefs.h
+index 62d142e637..bd02d04f47 100644
+--- a/src/optiondefs.h
++++ b/src/optiondefs.h
+@@ -2570,7 +2570,7 @@ static struct vimoption options[] =
+ (char_u *)&p_tpm, PV_NONE, NULL, NULL,
+ {(char_u *)10L, (char_u *)0L} SCTX_INIT},
+ #if defined(FEAT_TABPANEL)
+- {"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL,
++ {"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL|P_MLE,
+ (char_u *)&p_tpl, PV_NONE, NULL, NULL,
+ {(char_u *)"", (char_u *)0L} SCTX_INIT},
+ {"tabpanelopt","tplo", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_COLON
+diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim
+index 43605f7e11..1fea13b00a 100644
+--- a/src/testdir/test_autocmd.vim
++++ b/src/testdir/test_autocmd.vim
+@@ -5501,4 +5501,9 @@ func Test_VimResized_and_window_width_not_equalized()
+ call StopVimInTerminal(buf)
+ endfunc
+
++func Test_autocmd_add_secure()
++ call assert_fails('sandbox call autocmd_add([{"event": "BufRead", "cmd": "let x = 1"}])', 'E48:')
++ call assert_fails('sandbox call autocmd_delete([{"event": "BufRead"}])', 'E48:')
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/testdir/test_tabpanel.vim b/src/testdir/test_tabpanel.vim
+index ecc12b59be..b0d4202dc4 100644
+--- a/src/testdir/test_tabpanel.vim
++++ b/src/testdir/test_tabpanel.vim
+@@ -770,4 +770,20 @@ function Test_tabpanel_with_cmdline_pum()
+
+ call StopVimInTerminal(buf)
+ endfunc
++
++func Test_tabpanel_no_modeline()
++ let _tpl = &tabpanel
++ let _mls = &modelineexpr
++
++ set nomodelineexpr
++ setlocal modeline
++ new
++ call writefile(['/* vim: set tabpanel=test: */'], 'Xtabpanel.txt', 'D')
++ call assert_fails(':e Xtabpanel.txt', 'E992:')
++
++ let &tabpanel = _tpl
++ let &modelineexpr = _mls
++ bw!
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index 4f47ec2688..309ddf7f7c 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -724,6 +724,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1687,
+ /**/
+ 1686,
+ /**/
+--
+2.50.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-34982.patch b/meta/recipes-support/vim/files/CVE-2026-34982.patch
new file mode 100644
index 00000000000..e896f3b44d5
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-34982.patch
@@ -0,0 +1,105 @@
+From 75661a66a1db1e1f3f1245c615f13a7de44c0587 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Tue, 31 Mar 2026 18:29:00 +0000
+Subject: [PATCH] patch 9.2.0276: [security]: modeline security bypass
+
+Problem: [security]: modeline security bypass
+Solution: disallow mapset() from secure mode, set the P_MLE flag for the
+ 'complete', 'guitabtooltip' and 'printheader' options.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-34982
+Upstream-Status: Backport [https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/map.c | 3 +++
+ src/optiondefs.h | 6 +++---
+ src/testdir/test_modeline.vim | 25 +++++++++++++++++++++++++
+ 3 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/src/map.c b/src/map.c
+index fbecf4aced..7677243625 100644
+--- a/src/map.c
++++ b/src/map.c
+@@ -2746,6 +2746,9 @@ f_mapset(typval_T *argvars, typval_T *rettv UNUSED)
+ int dict_only;
+ mapblock_T *mp_result[2] = {NULL, NULL};
+
++ if (check_secure())
++ return;
++
+ // If first arg is a dict, then that's the only arg permitted.
+ dict_only = argvars[0].v_type == VAR_DICT;
+ if (in_vim9script()
+diff --git a/src/optiondefs.h b/src/optiondefs.h
+index 77155a63e8..62d142e637 100644
+--- a/src/optiondefs.h
++++ b/src/optiondefs.h
+@@ -683,7 +683,7 @@ static struct vimoption options[] =
+ {"compatible", "cp", P_BOOL|P_RALL,
+ (char_u *)&p_cp, PV_NONE, did_set_compatible, NULL,
+ {(char_u *)TRUE, (char_u *)FALSE} SCTX_INIT},
+- {"complete", "cpt", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_NODUP,
++ {"complete", "cpt", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_NODUP|P_MLE,
+ (char_u *)&p_cpt, PV_CPT, did_set_complete, expand_set_complete,
+ {(char_u *)".,w,b,u,t,i", (char_u *)0L}
+ SCTX_INIT},
+@@ -1326,7 +1326,7 @@ static struct vimoption options[] =
+ {(char_u *)NULL, (char_u *)0L}
+ #endif
+ SCTX_INIT},
+- {"guitabtooltip", "gtt", P_STRING|P_VI_DEF|P_RWIN,
++ {"guitabtooltip", "gtt", P_STRING|P_VI_DEF|P_RWIN|P_MLE,
+ #if defined(FEAT_GUI_TABLINE)
+ (char_u *)&p_gtt, PV_NONE, NULL, NULL,
+ {(char_u *)"", (char_u *)0L}
+@@ -2044,7 +2044,7 @@ static struct vimoption options[] =
+ {(char_u *)NULL, (char_u *)0L}
+ #endif
+ SCTX_INIT},
+- {"printheader", "pheader", P_STRING|P_VI_DEF|P_GETTEXT,
++ {"printheader", "pheader", P_STRING|P_VI_DEF|P_GETTEXT|P_MLE,
+ #ifdef FEAT_PRINTER
+ (char_u *)&p_header, PV_NONE, NULL, NULL,
+ // untranslated to avoid problems when 'encoding'
+diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim
+index 1f8686328a..c00032ba72 100644
+--- a/src/testdir/test_modeline.vim
++++ b/src/testdir/test_modeline.vim
+@@ -361,4 +361,29 @@ func Test_modeline_disable()
+ call assert_equal(2, &sw)
+ endfunc
+
++func Test_modeline_forbidden()
++ let tempfile = tempname()
++ let lines =<< trim END
++ some test text for completion
++ vim: set complete=F{->system('touch_should_not_run')} :
++ END
++ call writefile(lines, tempfile, 'D')
++ call assert_fails($'new {tempfile}', 'E992:')
++ bw!
++ let lines =<< trim END
++ some text
++ vim: set guitabtooltip=%{%mapset()%}:
++ END
++ call writefile(lines, tempfile)
++ call assert_fails($'new {tempfile}', 'E992:')
++ bw!
++ let lines =<< trim END
++ some text
++ vim: set printheader=%{mapset('n',0,{})%)%}:
++ END
++ call writefile(lines, tempfile, 'D')
++ call assert_fails($'new {tempfile}', 'E992:')
++ bw!
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.35.7
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-35177.patch b/meta/recipes-support/vim/files/CVE-2026-35177.patch
new file mode 100644
index 00000000000..66e5e975e4d
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-35177.patch
@@ -0,0 +1,60 @@
+From 7088926316d8d4a7572a242d0765e99adfc8b083 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 1 Apr 2026 16:23:49 +0000
+Subject: [PATCH] patch 9.2.0280: [security]: path traversal issue in zip.vim
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem: [security]: path traversal issue in zip.vim
+ (Michał Majchrowicz)
+Solution: Detect more such attacks and warn the user.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-35177
+Upstream-Status: Backport [https://github.com/vim/vim/commit/7088926316d8d4a7572a242d0765e99adfc8b083]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ runtime/autoload/zip.vim | 8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim
+index c46ec44708..e57fbcfde0 100644
+--- a/runtime/autoload/zip.vim
++++ b/runtime/autoload/zip.vim
+@@ -16,6 +16,7 @@
+ " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows
+ " 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly
+ " 2025 Jul 12 by Vim Project: drop ../ on write to prevent path traversal attacks
++" 2026 Apr 01 by Vim Project: Detect more path traversal attacks
+ " License: Vim License (see vim's :help license)
+ " Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1
+ " Permission is hereby granted to use and distribute this code,
+@@ -246,6 +247,11 @@ fun! zip#Write(fname)
+ return
+ endif
+
++ if simplify(a:fname) =~ '\.\.[/\\]'
++ call s:Mess('Error', "***error*** (zip#Write) Path Traversal Attack detected, not writing!")
++ return
++ endif
++
+ let curdir= getcwd()
+ let tmpdir= tempname()
+ if tmpdir =~ '\.'
+@@ -344,7 +350,7 @@ fun! zip#Extract()
+ if fname =~ '/$'
+ call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory")
+ return
+- elseif fname =~ '^[.]\?[.]/'
++ elseif fname =~ '^[.]\?[.]/' || simplify(fname) =~ '\.\.[/\\]'
+ call s:Mess('Error', "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!")
+ return
+ endif
+--
+2.35.7
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 1396ac4fbc7..e9b5df291d2 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -22,6 +22,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://CVE-2026-28418.patch \
file://CVE-2026-28419.patch \
file://CVE-2026-39881.patch \
+ file://CVE-2026-34982.patch \
+ file://CVE-2026-34714.patch \
+ file://CVE-2026-35177.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (9 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130 Yoann Congal
` (13 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6]
[1] https://github.com/vim/vim/commit/65c1a143c331c886dc28888dd632708f953b4eb3
[2] https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb
[3] https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0
[4] https://nvd.nist.gov/vuln/detail/CVE-2026-28421
[5] https://nvd.nist.gov/vuln/detail/CVE-2026-41411
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-44656
More info :
CVE-2026-28421 - Validate block tree indices and readfile() line bounds.
CVE-2026-41411 - Disallow backticks before attempting to expand filenames.
CVE-2026-44656 - Prevent shell execution from 'path' backticks via modelines.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-28421.patch | 148 ++++++++++++++++++
.../vim/files/CVE-2026-41411.patch | 75 +++++++++
.../vim/files/CVE-2026-44656.patch | 130 +++++++++++++++
meta/recipes-support/vim/vim.inc | 3 +
4 files changed, 356 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28421.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-41411.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-44656.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-28421.patch b/meta/recipes-support/vim/files/CVE-2026-28421.patch
new file mode 100644
index 00000000000..cd3dd1d13f7
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-28421.patch
@@ -0,0 +1,148 @@
+From 65c1a143c331c886dc28888dd632708f953b4eb3 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 23 Feb 2026 21:42:39 +0000
+Subject: [PATCH] patch 9.2.0077: [security]: Crash when recovering a corrupted
+ swap file
+
+Problem: memline: a crafted swap files with bogus pe_page_count/pe_bnum
+ values could cause a multi-GB allocation via mf_get(), and
+ invalid pe_old_lnum/pe_line_count values could cause a SEGV
+ when passed to readfile() (ehdgks0627, un3xploitable)
+Solution: Add bounds checks on pe_page_count and pe_bnum against
+ mf_blocknr_max before descending into the block tree, and
+ validate pe_old_lnum >= 1 and pe_line_count > 0 before calling
+ readfile().
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-28421
+Upstream-Status: Backport [https://github.com/vim/vim/commit/65c1a143c331c886dc28888dd632708f953b4eb3]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/memline.c | 29 ++++++++++++++++++++++++++--
+ src/po/vim.pot | 5 ++++-
+ src/testdir/test_recover.vim | 37 ++++++++++++++++++++++++++++++++++++
+ 3 files changed, 68 insertions(+), 3 deletions(-)
+
+diff --git a/src/memline.c b/src/memline.c
+index b93eb0a..15ac203 100644
+--- a/src/memline.c
++++ b/src/memline.c
+@@ -1597,8 +1597,12 @@ ml_recover(int checkext)
+ if (!cannot_open)
+ {
+ line_count = pp->pb_pointer[idx].pe_line_count;
+- if (readfile(curbuf->b_ffname, NULL, lnum,
+- pp->pb_pointer[idx].pe_old_lnum - 1,
++ linenr_T pe_old_lnum = pp->pb_pointer[idx].pe_old_lnum;
++ // Validate pe_line_count and pe_old_lnum from the
++ // untrusted swap file before passing to readfile().
++ if (line_count <= 0 || pe_old_lnum < 1 ||
++ readfile(curbuf->b_ffname, NULL, lnum,
++ pe_old_lnum - 1,
+ line_count, NULL, 0) != OK)
+ cannot_open = TRUE;
+ else
+@@ -1629,6 +1633,27 @@ ml_recover(int checkext)
+ bnum = pp->pb_pointer[idx].pe_bnum;
+ line_count = pp->pb_pointer[idx].pe_line_count;
+ page_count = pp->pb_pointer[idx].pe_page_count;
++ // Validate pe_bnum and pe_page_count from the untrusted
++ // swap file before passing to mf_get(), which uses
++ // page_count to calculate allocation size. A bogus value
++ // (e.g. 0x40000000) would cause a multi-GB allocation.
++ // pe_page_count must be >= 1 and bnum + page_count must
++ // not exceed the number of pages in the swap file.
++ if (page_count < 1
++ || bnum + page_count > mfp->mf_blocknr_max + 1)
++ {
++ ++error;
++ ml_append(lnum++,
++ (char_u *)_("???ILLEGAL BLOCK NUMBER"),
++ (colnr_T)0, TRUE);
++ // Skip this entry and pop back up the stack to keep
++ // recovering whatever else we can.
++ idx = ip->ip_index + 1;
++ bnum = ip->ip_bnum;
++ page_count = 1;
++ --buf->b_ml.ml_stack_top;
++ continue;
++ }
+ idx = 0;
+ continue;
+ }
+diff --git a/src/po/vim.pot b/src/po/vim.pot
+index 9608271..be79cf0 100644
+--- a/src/po/vim.pot
++++ b/src/po/vim.pot
+@@ -8,7 +8,7 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: Vim\n"
+ "Report-Msgid-Bugs-To: vim-dev@vim.org\n"
+-"POT-Creation-Date: 2026-04-30 12:40+0200\n"
++"POT-Creation-Date: 2026-02-27 21:04+0000\n"
+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+ "Language-Team: LANGUAGE <LL@li.org>\n"
+@@ -1960,6 +1960,9 @@ msgstr ""
+ msgid "???LINES MISSING"
+ msgstr ""
+
++msgid "???ILLEGAL BLOCK NUMBER"
++msgstr ""
++
+ msgid "???BLOCK MISSING"
+ msgstr ""
+
+diff --git a/src/testdir/test_recover.vim b/src/testdir/test_recover.vim
+index db59223..93425f1 100644
+--- a/src/testdir/test_recover.vim
++++ b/src/testdir/test_recover.vim
+@@ -471,4 +471,41 @@ func Test_noname_buffer()
+ call assert_equal(['one', 'two'], getline(1, '$'))
+ endfunc
+
++" Test for recovering a corrupted swap file, those caused a crash
++func Test_recover_corrupted_swap_file1()
++ CheckUnix
++ " only works correctly on 64bit Unix systems:
++ if v:sizeoflong != 8 || !has('unix')
++ throw 'Skipped: Corrupt Swap file sample requires a 64bit Unix build'
++ endif
++ " Test 1: Heap buffer-overflow
++ new
++ let sample = 'samples/recover-crash1.swp'
++ let target = 'Xpoc1.swp'
++ call filecopy(sample, target)
++ try
++ sil recover! Xpoc1
++ catch /^Vim\%((\S\+)\)\=:E1364:/
++ endtry
++ let content = getline(1, '$')->join()
++ call assert_match('???ILLEGAL BLOCK NUMBER', content)
++ call delete(target)
++ bw!
++"
++" " Test 2: Segfault
++ new
++ let sample = 'samples/recover-crash2.swp'
++ let target = 'Xpoc2.swp'
++ call filecopy(sample, target)
++ try
++ sil recover! Xpoc2
++ catch /^Vim\%((\S\+)\)\=:E1364:/
++ endtry
++ let content = getline(1, '$')->join()
++ call assert_match('???ILLEGAL BLOCK NUMBER', content)
++ call assert_match('???LINES MISSING', content)
++ call delete(target)
++ bw!
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-41411.patch b/meta/recipes-support/vim/files/CVE-2026-41411.patch
new file mode 100644
index 00000000000..11a34f4087f
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-41411.patch
@@ -0,0 +1,75 @@
+From c78194e41d5a0b05b0ddf383b6679b1503f977fb Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 15 Apr 2026 20:17:17 +0000
+Subject: [PATCH] patch 9.2.0357: [security]: command injection via backticks
+ in tag files
+
+Problem: [security]: command injection via backticks in tag files
+ (Srinivas Piskala Ganesh Babu, Andy Ngo)
+Solution: Disallow backticks before attempting to expand filenames.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8
+
+Supported by AI
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-41411
+Upstream-Status: Backport [https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/tag.c | 4 +++-
+ src/testdir/test_tagjump.vim | 22 ++++++++++++++++++++++
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/tag.c b/src/tag.c
+index d3a7399..0e203f0 100644
+--- a/src/tag.c
++++ b/src/tag.c
+@@ -4126,8 +4126,10 @@ expand_tag_fname(char_u *fname, char_u *tag_fname, int expand)
+
+ /*
+ * Expand file name (for environment variables) when needed.
++ * Disallow backticks, they could execute arbitrary shell
++ * commands. This is not needed for tag filenames.
+ */
+- if (expand && mch_has_wildcard(fname))
++ if (expand && mch_has_wildcard(fname) && vim_strchr(fname, '`') == NULL)
+ {
+ ExpandInit(&xpc);
+ xpc.xp_context = EXPAND_FILES;
+diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
+index 47618d0..a95b8b5 100644
+--- a/src/testdir/test_tagjump.vim
++++ b/src/testdir/test_tagjump.vim
+@@ -1670,4 +1670,26 @@ func Test_tag_excmd_with_number_vim9script()
+ bwipe!
+ endfunc
+
++" Test that backtick expressions in tag filenames are not expanded.
++" This prevents command injection via malicious tags files.
++func Test_tag_backtick_filename_not_expanded()
++ let pwned_file = 'Xtags_pwnd'
++ call assert_false(filereadable(pwned_file))
++
++ let tagline = "main\t`touch " .. pwned_file .. "`\t/^int main/;\"\tf"
++ call writefile([tagline], 'Xbt_tags', 'D')
++ call writefile(['int main(int argc, char **argv) {', '}'], 'Xbt_main.c', 'D')
++
++ set tags=Xbt_tags
++ sp Xbt_main.c
++
++ " The :tag command should fail to find the file, but must NOT execute
++ " the backtick shell command.
++ call assert_fails('tag main', 'E429:')
++ call assert_false(filereadable(pwned_file))
++
++ set tags&
++ bwipe!
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-44656.patch b/meta/recipes-support/vim/files/CVE-2026-44656.patch
new file mode 100644
index 00000000000..70cd72b098b
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-44656.patch
@@ -0,0 +1,130 @@
+From 190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Sun, 3 May 2026 16:10:03 +0000
+Subject: [PATCH] patch 9.2.0435: [security]: backticks in 'path' may cause
+ shell execution on completion
+
+Problem: [security]: Backticks enclosed shell commands in the 'path'
+ option value are executed during completion (q1uf3ng).
+Solution: Skip path entries containing backticks, add P_SECURE to 'path'
+ option, so that it cannot be set from a modeline (for symmetry with
+ the 'cdpath' option)
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg
+
+Supported by AI.
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+CVE: CVE-2026-44656
+Upstream-Status: Backport [https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ runtime/doc/options.txt | 5 ++++-
+ src/findfile.c | 4 ++++
+ src/optiondefs.h | 2 +-
+ src/testdir/test_find_complete.vim | 17 +++++++++++++++++
+ src/testdir/test_modeline.vim | 14 ++++++++++++++
+ 5 files changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
+index 8dba6f4..d06411f 100644
+--- a/runtime/doc/options.txt
++++ b/runtime/doc/options.txt
+@@ -1,4 +1,4 @@
+-*options.txt* For Vim version 9.1. Last change: 2025 Aug 23
++*options.txt* For Vim version 9.2. Last change: 2026 May 03
+
+
+ VIM REFERENCE MANUAL by Bram Moolenaar
+@@ -6615,6 +6615,9 @@ A jump table for the options with a short description can be found at |Q_op|.
+ < Replace the ';' with a ':' or whatever separator is used. Note that
+ this doesn't work when $INCL contains a comma or white space.
+
++ This option cannot be set from a |modeline| or in the |sandbox|, for
++ security reasons.
++
+ *'perldll'*
+ 'perldll' string (default depends on the build)
+ global
+diff --git a/src/findfile.c b/src/findfile.c
+index 008338c..f73a66b 100644
+--- a/src/findfile.c
++++ b/src/findfile.c
+@@ -2412,6 +2412,10 @@ expand_path_option(
+ {
+ buflen = copy_option_part(&path_option, buf, MAXPATHL, " ,");
+
++ // do not expand backticks, could have been set via a modeline
++ if (vim_strchr(buf, '`') != NULL)
++ continue;
++
+ if (buf[0] == '.' && (buf[1] == NUL || vim_ispathsep(buf[1])))
+ {
+ size_t plen;
+diff --git a/src/optiondefs.h b/src/optiondefs.h
+index bd02d04..72d3f36 100644
+--- a/src/optiondefs.h
++++ b/src/optiondefs.h
+@@ -1957,7 +1957,7 @@ static struct vimoption options[] =
+ (char_u *)&p_pm, PV_NONE,
+ did_set_backupext_or_patchmode, NULL,
+ {(char_u *)"", (char_u *)0L} SCTX_INIT},
+- {"path", "pa", P_STRING|P_EXPAND|P_VI_DEF|P_COMMA|P_NODUP,
++ {"path", "pa", P_STRING|P_EXPAND|P_VI_DEF|P_SECURE|P_COMMA|P_NODUP,
+ (char_u *)&p_path, PV_PATH, NULL, NULL,
+ {
+ #if defined(AMIGA) || defined(MSWIN)
+diff --git a/src/testdir/test_find_complete.vim b/src/testdir/test_find_complete.vim
+index 079fb78..8b8b71c 100644
+--- a/src/testdir/test_find_complete.vim
++++ b/src/testdir/test_find_complete.vim
+@@ -161,4 +161,21 @@ func Test_find_complete()
+ set path&
+ endfunc
+
++" Verify that backticks in 'path' are not executed
++func Test_find_completion_backtick_in_path()
++ CheckUnix
++ CheckExecutable id
++
++ new Xpoc.c
++ setl path+=`id>Xrce_marker`
++ " Triggering completion must not execute the backtick command.
++ call getcompletion('', 'file_in_path')
++ call assert_false(filereadable('Xrce_marker'))
++ call feedkeys(":find \t\n", "xt")
++ call assert_false(filereadable('Xrce_marker'))
++
++ bwipe!
++ call delete('Xrce_marker')
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim
+index c00032b..fc11cc6 100644
+--- a/src/testdir/test_modeline.vim
++++ b/src/testdir/test_modeline.vim
+@@ -386,4 +386,18 @@ func Test_modeline_forbidden()
+ bw!
+ endfunc
+
++" Verify that backticks in 'path' set from a modeline are not executed
++func Test_path_modeline()
++ let lines =<< trim END
++ // vim: set path+=foobar :
++ END
++ call writefile(lines, 'Xpoc.c', 'D')
++
++ set nomodelinestrict modeline
++ call assert_fails('split Xpoc.c', 'E520:')
++
++ bwipe!
++ set modelinestrict& modeline&
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index e9b5df291d2..b7cdd61c93e 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -25,6 +25,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://CVE-2026-34982.patch \
file://CVE-2026-34714.patch \
file://CVE-2026-35177.patch \
+ file://CVE-2026-44656.patch \
+ file://CVE-2026-41411.patch \
+ file://CVE-2026-28421.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483 Yoann Congal
` (12 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6]
[1] https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1
[2] https://github.com/vim/vim/commit/36d6e87542cf823d833e451e09a90ee429899cec
[3] https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8
[4] https://nvd.nist.gov/vuln/detail/CVE-2026-28417
[5] https://nvd.nist.gov/vuln/detail/CVE-2026-32249
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-45130
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-28417.patch | 92 ++++++++++++++
.../vim/files/CVE-2026-32249.patch | 117 ++++++++++++++++++
.../vim/files/CVE-2026-45130.patch | 115 +++++++++++++++++
meta/recipes-support/vim/vim.inc | 3 +
4 files changed, 327 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28417.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-32249.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-45130.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-28417.patch b/meta/recipes-support/vim/files/CVE-2026-28417.patch
new file mode 100644
index 00000000000..c36bd9c2344
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-28417.patch
@@ -0,0 +1,92 @@
+From 79348dbbc09332130f4c86045e1541d68514fcc1 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Sun, 22 Feb 2026 21:24:48 +0000
+Subject: [PATCH] patch 9.2.0073: [security]: possible command injection using
+ netrw
+
+Problem: [security]: Insufficient validation of hostname and port in
+ netrw URIs allows command injection via shell metacharacters
+ (ehdgks0627, un3xploitable).
+Solution: Implement stricter RFC1123 hostname and IP validation.
+ Use shellescape() for the provided hostname and port.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1]
+CVE: CVE-2026-28417
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ .../pack/dist/opt/netrw/autoload/netrw.vim | 34 +++++++++++++------
+ 1 file changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/runtime/pack/dist/opt/netrw/autoload/netrw.vim b/runtime/pack/dist/opt/netrw/autoload/netrw.vim
+index 1c98104..7ebcd92 100644
+--- a/runtime/pack/dist/opt/netrw/autoload/netrw.vim
++++ b/runtime/pack/dist/opt/netrw/autoload/netrw.vim
+@@ -5,6 +5,7 @@
+ " 2025 Aug 07 by Vim Project (use correct "=~#" for netrw_stylesize option #17901)
+ " 2025 Aug 07 by Vim Project (netrw#BrowseX() distinguishes remote files #17794)
+ " 2025 Aug 22 by Vim Project netrw#Explore handle terminal correctly #18069
++" 2026 Feb 27 by Vim Project Make the hostname validation more strict
+ " Copyright: Copyright (C) 2016 Charles E. Campbell {{{1
+ " Permission is hereby granted to use and distribute this code,
+ " with or without modifications, provided that this copyright
+@@ -2575,13 +2576,26 @@ endfunction
+
+ " s:NetrwValidateHostname: Validate that the hostname is valid {{{2
+ " Input:
+-" hostname
++" hostname, may include an optional username, e.g. user@hostname
++" allow a alphanumeric hostname or an IPv(4/6) address
+ " Output:
+ " true if g:netrw_machine is valid according to RFC1123 #Section 2
+ function s:NetrwValidateHostname(hostname)
+- " RFC1123#section-2 mandates, a valid hostname starts with letters or digits
+- " so reject everyhing else
+- return a:hostname =~? '^[a-z0-9]'
++ " Username:
++ let user_pat = '\%([a-zA-Z0-9._-]\+@\)\?'
++ " Hostname: 1-64 chars, alphanumeric/dots/hyphens.
++ " No underscores. No leading/trailing dots/hyphens.
++ let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]{,62}[a-zA-Z0-9]\)\?$'
++
++ " IPv4: 1-3 digits separated by dots
++ let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}$'
++
++ " IPv6: Hex, colons, and optional brackets
++ let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?$'
++
++ return a:hostname =~? '^'.user_pat.host_pat ||
++ \ a:hostname =~? '^'.user_pat.ipv4_pat ||
++ \ a:hostname =~? '^'.user_pat.ipv6_pat
+ endfunction
+
+ " NetUserPass: set username and password for subsequent ftp transfer {{{2
+@@ -8948,15 +8962,15 @@ endfunction
+ " s:MakeSshCmd: transforms input command using USEPORT HOSTNAME into {{{2
+ " a correct command for use with a system() call
+ function s:MakeSshCmd(sshcmd)
+- if s:user == ""
+- let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',s:machine,'')
+- else
+- let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',s:user."@".s:machine,'')
++ let machine = shellescape(s:machine, 1)
++ if s:user != ''
++ let machine = shellescape(s:user, 1).'@'.machine
+ endif
++ let sshcmd = substitute(a:sshcmd,'\<HOSTNAME\>',machine,'')
+ if exists("g:netrw_port") && g:netrw_port != ""
+- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.g:netrw_port,'')
++ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(g:netrw_port,1),'')
+ elseif exists("s:port") && s:port != ""
+- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.s:port,'')
++ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(s:port,1),'')
+ else
+ let sshcmd= substitute(sshcmd,"USEPORT ",'','')
+ endif
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-32249.patch b/meta/recipes-support/vim/files/CVE-2026-32249.patch
new file mode 100644
index 00000000000..18691c3f4ce
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-32249.patch
@@ -0,0 +1,117 @@
+From 36d6e87542cf823d833e451e09a90ee429899cec Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 11 Mar 2026 14:16:29 +0100
+Subject: [PATCH] patch 9.2.0137: [security]: crash with composing char in
+ collection range
+
+Problem: Using a composing character as the end of a range inside a
+ collection may corrupt the NFA postfix stack
+ (Nathan Mills, after v9.1.0011)
+Solution: When a character is used as the endpoint of a range, do not emit
+ its composing characters separately. Range handling only uses
+ the base codepoint.
+
+supported by AI
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/36d6e87542cf823d833e451e09a90ee429899cec]
+CVE: CVE-2026-32249
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/regexp_nfa.c | 17 +++++++++++++++--
+ src/testdir/test_regexp_utf8.vim | 19 +++++++++++++++++++
+ 2 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
+index 6ad682b..7905ec1 100644
+--- a/src/regexp_nfa.c
++++ b/src/regexp_nfa.c
+@@ -1765,6 +1765,7 @@ collection:
+ if (*endp == ']')
+ {
+ int plen;
++ bool range_endpoint;
+ /*
+ * Try to reverse engineer character classes. For example,
+ * recognize that [0-9] stands for \d and [A-Za-z_] for \h,
+@@ -1812,6 +1813,7 @@ collection:
+ while (regparse < endp)
+ {
+ int oldstartc = startc;
++ range_endpoint = false;
+
+ startc = -1;
+ got_coll_char = FALSE;
+@@ -1975,6 +1977,7 @@ collection:
+ if (emit_range)
+ {
+ int endc = startc;
++ range_endpoint = true;
+
+ startc = oldstartc;
+ if (startc > endc)
+@@ -2053,7 +2056,14 @@ collection:
+ }
+ }
+
+- if (enc_utf8 && (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse))))
++ //
++ // If this character was consumed as the end of a range, do not emit its
++ // composing characters separately. Range handling only uses the base
++ // codepoint; emitting the composing part again would duplicate the
++ // character in the postfix stream and corrupt the NFA stack.
++ //
++ if (!range_endpoint && enc_utf8 &&
++ (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse))))
+ {
+ int i = utf_ptr2len(regparse);
+
+@@ -3187,7 +3197,10 @@ nfa_max_width(nfa_state_T *startstate, int depth)
+ ++len;
+ if (state->c != NFA_ANY)
+ {
+- // skip over the characters
++ // Skip over the compiled collection.
++ // malformed NFAs must not crash width estimation.
++ if (state->out1 == NULL || state->out1->out == NULL)
++ return -1;
+ state = state->out1->out;
+ continue;
+ }
+diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
+index a4353f1..3b58416 100644
+--- a/src/testdir/test_regexp_utf8.vim
++++ b/src/testdir/test_regexp_utf8.vim
+@@ -615,6 +615,25 @@ func Test_search_multibyte_match_ascii()
+ call assert_equal(['ſſ','ſ'], noic_match3, "No-Ignorecase Collection Regex-engine: " .. &re)
+ endfor
+ bw!
++ set ignorecase&vim re&vim
++endfun
++
++func Test_regex_collection_range_with_composing_crash()
++ " Regression test: composing char in collection range caused NFA crash/E874
++ new
++ call setline(1, ['00', '0ֻ', '01'])
++ let patterns = [ '0[0-0ֻ]\@<!','0[0ֻ]\@<!']
++
++ for pat in patterns
++ " Should compile and execute without crash or error
++ for re in range(3)
++ let regex = '\%#=' .. re .. pat
++ call search(regex)
++ call assert_fails($"/{regex}\<cr>", 'E486:')
++ endfor
++ endfor
++
++ bwipe!
+ endfunc
+
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-45130.patch b/meta/recipes-support/vim/files/CVE-2026-45130.patch
new file mode 100644
index 00000000000..0a1a93de99b
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-45130.patch
@@ -0,0 +1,115 @@
+From 92993329178cb1f72d700fff45ca86e1c2d369f8 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 6 May 2026 20:50:00 +0200
+Subject: [PATCH] patch 9.2.0450: [security]: heap buffer overflow in
+ spellfile.c read_compound()
+
+Problem: read_compound() in spellfile.c computes the size of the regex
+ pattern buffer using signed-int arithmetic on the attacker
+ controlled SN_COMPOUND sectionlen. With sectionlen=0x40000008
+ and UTF-8 encoding active the multiplication wraps to 27 while
+ the per-byte loop writes up to ~1B bytes, overflowing the heap.
+ Reachable when loading a crafted .spl file (e.g. via 'set spell'
+ after a modeline sets 'spelllang'). The cp/ap/crp allocations
+ have the same int + 1 overflow class (Daniel Cervera)
+Solution: Use type size_t as buffer size and reject values larger than
+ COMPOUND_MAX_LEN (100000). Apply the same size_t treatment to
+ the cp/ap/crp allocations.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
+
+Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8]
+CVE: CVE-2026-45130
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/spellfile.c | 20 ++++++++++++++------
+ src/testdir/test_spellfile.vim | 4 ++++
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/src/spellfile.c b/src/spellfile.c
+index 0b9536d..768e9fd 100644
+--- a/src/spellfile.c
++++ b/src/spellfile.c
+@@ -296,6 +296,9 @@
+ #define CF_WORD 0x01
+ #define CF_UPPER 0x02
+
++// Max allowed length for COMPOUND section
++#define COMPOUND_MAX_LEN 100000
++
+ /*
+ * Loop through all the siblings of a node (including the node)
+ */
+@@ -1225,6 +1228,8 @@ read_compound(FILE *fd, slang_T *slang, int len)
+ char_u *crp;
+ int cnt;
+ garray_T *gap;
++ size_t patsize;
++ size_t flagsize;
+
+ if (todo < 2)
+ return SP_FORMERROR; // need at least two bytes
+@@ -1281,16 +1286,19 @@ read_compound(FILE *fd, slang_T *slang, int len)
+ // "a[bc]/a*b+" -> "^\(a[bc]\|a*b\+\)$".
+ // Inserting backslashes may double the length, "^\(\)$<Nul>" is 7 bytes.
+ // Conversion to utf-8 may double the size.
+- c = todo * 2 + 7;
++ if ((size_t)todo > COMPOUND_MAX_LEN)
++ return SP_FORMERROR;
++ patsize = (size_t)todo * 2 + 7;
+ if (enc_utf8)
+- c += todo * 2;
+- pat = alloc(c);
++ patsize += (size_t)todo * 2;
++ flagsize = (size_t)todo + 1;
++ pat = alloc(patsize);
+ if (pat == NULL)
+ return SP_OTHERERROR;
+
+ // We also need a list of all flags that can appear at the start and one
+ // for all flags.
+- cp = alloc(todo + 1);
++ cp = alloc(flagsize);
+ if (cp == NULL)
+ {
+ vim_free(pat);
+@@ -1299,7 +1307,7 @@ read_compound(FILE *fd, slang_T *slang, int len)
+ slang->sl_compstartflags = cp;
+ *cp = NUL;
+
+- ap = alloc(todo + 1);
++ ap = alloc(flagsize);
+ if (ap == NULL)
+ {
+ vim_free(pat);
+@@ -1311,7 +1319,7 @@ read_compound(FILE *fd, slang_T *slang, int len)
+ // And a list of all patterns in their original form, for checking whether
+ // compounding may work in match_compoundrule(). This is freed when we
+ // encounter a wildcard, the check doesn't work then.
+- crp = alloc(todo + 1);
++ crp = alloc(flagsize);
+ slang->sl_comprules = crp;
+
+ pp = pat;
+diff --git a/src/testdir/test_spellfile.vim b/src/testdir/test_spellfile.vim
+index b72974e..d345492 100644
+--- a/src/testdir/test_spellfile.vim
++++ b/src/testdir/test_spellfile.vim
+@@ -334,6 +334,10 @@ func Test_spellfile_format_error()
+ " SN_COMPOUND: incorrect comppatlen
+ call Spellfile_Test(0z080000000007040101000000020165, 'E758:')
+
++ " SN_COMPOUND: oversized sectionlen
++ let v = eval('0z08004000000803010161' .. repeat('61', 50) .. 'FF')
++ call Spellfile_Test(v, 'E759:')
++
+ " SN_INFO: missing info
+ call Spellfile_Test(0z0F0000000005040101, '')
+
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index b7cdd61c93e..53590befc4d 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -28,6 +28,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://CVE-2026-44656.patch \
file://CVE-2026-41411.patch \
file://CVE-2026-28421.patch \
+ file://CVE-2026-32249.patch \
+ file://CVE-2026-28417.patch \
+ file://CVE-2026-45130.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376 Yoann Congal
` (11 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] & [2] also mentioned at NVD report in 3 & 4
[1] https://github.com/vim/vim/commit/bb6de2105b160e729c340631435cd62f3e69bd32
[2] https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-28420
[4] https://nvd.nist.gov/vuln/detail/CVE-2026-46483
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../vim/files/CVE-2026-28420.patch | 162 ++++++++++++++++++
.../vim/files/CVE-2026-46483.patch | 77 +++++++++
meta/recipes-support/vim/vim.inc | 2 +
3 files changed, 241 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2026-28420.patch
create mode 100644 meta/recipes-support/vim/files/CVE-2026-46483.patch
diff --git a/meta/recipes-support/vim/files/CVE-2026-28420.patch b/meta/recipes-support/vim/files/CVE-2026-28420.patch
new file mode 100644
index 00000000000..f5b2f42f6ad
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-28420.patch
@@ -0,0 +1,162 @@
+From bb6de2105b160e729c340631435cd62f3e69bd32 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Mon, 23 Feb 2026 20:29:43 +0000
+Subject: [PATCH] patch 9.2.0076: [security]: buffer-overflow in terminal
+ handling
+
+Problem: When processing terminal output with many combining characters
+ from supplementary planes (4-byte UTF-8), a heap-buffer
+ overflow occurs. Additionally, the loop iterating over
+ cell characters can read past the end of the vterm array
+ (ehdgks0627, un3xploitable).
+Solution: Use VTERM_MAX_CHARS_PER_CELL * 4 for ga_grow() to ensure
+ sufficient space. Add a boundary check to the character
+ loop to prevent index out-of-bounds access.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/bb6de2105b160e729c340631435cd62f3e69bd32]
+CVE: CVE-2026-28420
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/terminal.c | 5 +-
+ .../samples/terminal_max_combining_chars.txt | 80 +++++++++++++++++++
+ src/testdir/test_terminal3.vim | 14 ++++
+ 3 files changed, 97 insertions(+), 2 deletions(-)
+ create mode 100644 src/testdir/samples/terminal_max_combining_chars.txt
+
+diff --git a/src/terminal.c b/src/terminal.c
+index 921b234..78990ac 100644
+--- a/src/terminal.c
++++ b/src/terminal.c
+@@ -3533,12 +3533,13 @@ handle_pushline(int cols, const VTermScreenCell *cells, void *user)
+ {
+ for (col = 0; col < len; col += cells[col].width)
+ {
+- if (ga_grow(&ga, MB_MAXBYTES) == FAIL)
++ if (ga_grow(&ga, VTERM_MAX_CHARS_PER_CELL * 4) == FAIL)
+ {
+ ga.ga_len = 0;
+ break;
+ }
+- for (i = 0; (c = cells[col].chars[i]) > 0 || i == 0; ++i)
++ for (i = 0; i < VTERM_MAX_CHARS_PER_CELL &&
++ ((c = cells[col].chars[i]) > 0 || i == 0); ++i)
+ ga.ga_len += utf_char2bytes(c == NUL ? ' ' : c,
+ (char_u *)ga.ga_data + ga.ga_len);
+ cell2cellattr(&cells[col], &p[col]);
+diff --git a/src/testdir/samples/terminal_max_combining_chars.txt b/src/testdir/samples/terminal_max_combining_chars.txt
+new file mode 100644
+index 0000000..a4f508d
+--- /dev/null
++++ b/src/testdir/samples/terminal_max_combining_chars.txt
+@@ -0,0 +1,80 @@
++padding line 000
++padding line 001
++padding line 002
++padding line 003
++padding line 004
++padding line 005
++padding line 006
++padding line 007
++padding line 008
++padding line 009
++padding line 010
++padding line 011
++padding line 012
++padding line 013
++padding line 014
++padding line 015
++padding line 016
++padding line 017
++padding line 018
++padding line 019
++padding line 020
++padding line 021
++padding line 022
++padding line 023
++padding line 024
++padding line 025
++padding line 026
++padding line 027
++padding line 028
++padding line 029
++padding line 030
++padding line 031
++padding line 032
++padding line 033
++padding line 034
++padding line 035
++padding line 036
++padding line 037
++padding line 038
++padding line 039
++padding line 040
++padding line 041
++padding line 042
++padding line 043
++padding line 044
++padding line 045
++padding line 046
++padding line 047
++padding line 048
++padding line 049
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
++AAAAAAAAAAAAAAAAAAAAAAAAAAAA𐀀󠄀󠄁󠄂󠄃󠄄
+diff --git a/src/testdir/test_terminal3.vim b/src/testdir/test_terminal3.vim
+index 218b4e6..cb1946f 100644
+--- a/src/testdir/test_terminal3.vim
++++ b/src/testdir/test_terminal3.vim
+@@ -1037,4 +1037,18 @@ func Test_terminal_visual_empty_listchars()
+ call StopVimInTerminal(buf)
+ endfunc
+
++func Test_terminal_max_combining_chars()
++ " somehow doesn't work on MS-Windows
++ CheckUnix
++ let cmd = "cat samples/terminal_max_combining_chars.txt\<CR>"
++ let buf = Run_shell_in_terminal({'term_rows': 15, 'term_cols': 35})
++ call TermWait(buf)
++ call term_sendkeys(buf, cmd)
++ " last char is a space with many combining chars
++ call WaitForAssert({-> assert_match("AAAAAAAAAAAAAAAAAAAAAAAAAAAA.", term_getline(buf, 14))})
++
++ call term_sendkeys(buf, "exit\r")
++ exe buf . "bwipe!"
++endfunc
++
+ " vim: shiftwidth=2 sts=2 expandtab
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/files/CVE-2026-46483.patch b/meta/recipes-support/vim/files/CVE-2026-46483.patch
new file mode 100644
index 00000000000..2fc6f80c257
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2026-46483.patch
@@ -0,0 +1,77 @@
+From 3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Thu, 14 May 2026 15:35:28 +0000
+Subject: [PATCH] patch 9.2.0479: [security]: runtime(tar): command injection
+ in tar plugin
+
+Problem: [security]: runtime(tar): command injection in tar plugin
+ (Christopher Lusk)
+Solution: Use the correct shellescape(args, 1) form for a :! command
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1]
+CVE: CVE-2026-46483
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ runtime/autoload/tar.vim | 5 +++--
+ src/testdir/test_plugin_tar.vim | 19 +++++++++++++++++++
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
+index 74a5b38..95d2be0 100644
+--- a/runtime/autoload/tar.vim
++++ b/runtime/autoload/tar.vim
+@@ -18,6 +18,7 @@
+ " 2025 May 19 by Vim Project: restore working directory after read/write
+ " 2025 Jul 13 by Vim Project: warn with path traversal attacks
+ " 2025 Jul 16 by Vim Project: update minimum vim version
++" 2026 May 14 by Vim Project: use correct shellescape() call in Vimuntar()
+ "
+ " Contains many ideas from Michael Toren's <tar.vim>
+ "
+@@ -800,9 +801,9 @@ fun! tar#Vimuntar(...)
+ " if necessary, decompress the tarball; then, extract it
+ if tartail =~ '\.tgz'
+ if executable("gunzip")
+- silent exe "!gunzip ".shellescape(tartail)
++ silent exe "!gunzip ".shellescape(tartail, 1)
+ elseif executable("gzip")
+- silent exe "!gzip -d ".shellescape(tartail)
++ silent exe "!gzip -d ".shellescape(tartail, 1)
+ else
+ echoerr "unable to decompress<".tartail."> on this system"
+ if simplify(curdir) != simplify(tarhome)
+diff --git a/src/testdir/test_plugin_tar.vim b/src/testdir/test_plugin_tar.vim
+index ebf74d7..8e776a4 100644
+--- a/src/testdir/test_plugin_tar.vim
++++ b/src/testdir/test_plugin_tar.vim
+@@ -126,3 +126,22 @@ def g:Test_tar_evil()
+
+ bw!
+ enddef
++
++def g:Test_extract_command_injection()
++ CheckExecutable gunzip
++ CheckExecutable touch
++ var tgz = eval('0z1F8B08087795056A000364756D6D792E74617200EDCE2B12C2300004D01C254' ..
++ '7480269CE534080A8495BD1DBF3996106C3A08A7ACFACD8157B59A7690BFB4A0FC3707C666E357D' ..
++ 'E65BC8B5A47CC8A5D61A522EA5B510D3CEBF5ED679197B8CE17CEDB7F9D4C76FBB5F3D000000000' ..
++ '000000000FCD11D32415E2C00280000')
++ var dirname = tempname()
++
++ mkdir(dirname, 'R')
++ var tar = dirname .. "/';%$(touch pwned)'.tgz"
++ writefile(tgz, tar)
++ new
++ exe "e " .. fnameescape(tar)
++ exe ":Vimuntar " .. dirname
++ assert_false(filereadable(dirname .. "/pwned"))
++ bw!
++enddef
+--
+2.34.1
+
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 53590befc4d..9a4b21f5305 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -31,6 +31,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
file://CVE-2026-32249.patch \
file://CVE-2026-28417.patch \
file://CVE-2026-45130.patch \
+ file://CVE-2026-46483.patch \
+ file://CVE-2026-28420.patch \
"
PV .= ".1683"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276 Yoann Congal
` (10 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Backport patches from [1]
[1] https://github.com/Perl/perl5/pull/24433
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../perl/files/CVE-2026-8376-01.patch | 62 +++++++++++++++++++
.../perl/files/CVE-2026-8376-02.patch | 49 +++++++++++++++
meta/recipes-devtools/perl/perl_5.38.4.bb | 2 +
3 files changed, 113 insertions(+)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
new file mode 100644
index 00000000000..56ab85d2be9
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch
@@ -0,0 +1,62 @@
+From b0810dddd6b789ead00c346ead873370710f103e Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 12 May 2026 14:47:31 +1000
+Subject: [PATCH 1/2] perl/perl-security#147: test cases
+
+The suggested case from the ticket and an alternative.
+
+(cherry picked from commit e842efdafe7c51a687a4907e4887988fe6a025ef)
+
+CVE: CVE-2026-8376
+Upstream-Status: Backport [https://github.com/Perl/perl5/commit/e842efdafe7c51a687a4907e4887988fe6a025ef]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ t/re/pat_psycho.t | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
+index 336039521d..73a7992372 100644
+--- a/t/re/pat_psycho.t
++++ b/t/re/pat_psycho.t
+@@ -10,7 +10,7 @@
+ use strict;
+ use warnings;
+ use 5.010;
+-
++use Config;
+
+ sub run_tests;
+
+@@ -31,7 +31,7 @@ BEGIN {
+
+ skip_all('$PERL_SKIP_PSYCHO_TEST set') if $ENV{PERL_SKIP_PSYCHO_TEST};
+
+-plan tests => 15; # Update this when adding/deleting tests.
++plan tests => 17; # Update this when adding/deleting tests.
+
+ run_tests() unless caller;
+
+@@ -211,6 +211,20 @@ EOF
+
+
+ }
++
++ SKIP:
++ { # sec #147
++ $Config{ptrsize} == 4
++ or skip "these only fail on x32 and use too much memory on x64", 2;
++ local $::TODO = "This crashes";
++ # original case
++ fresh_perl_like('/\x{10000}{1073741824}/',
++ qr/Regexp out of space/, {}, "ssize_t overflow");
++
++ # synthesized but similar case
++ fresh_perl_like('/(?:\x{10001}\x{10000}){536870912}/',
++ qr/Regexp out of space/, {}, "ssize_t overflow again");
++ }
+ } # End of sub run_tests
+
+ 1;
+--
+2.43.0
+
diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
new file mode 100644
index 00000000000..08ab11d87b5
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch
@@ -0,0 +1,49 @@
+From 3cc827ca6bdb7b7cfbebe30286db57b7edae0e65 Mon Sep 17 00:00:00 2001
+From: Tony Cook <tony@develop-help.com>
+Date: Tue, 12 May 2026 14:51:00 +1000
+Subject: [PATCH 2/2] perl/perl-security#147: test against the actual character
+ lengths
+
+(cherry picked from commit 5e7f119eb2bb1181be908701f22bf7068e722f1c)
+
+CVE: CVE-2026-8376
+Upstream-Status: Backport [https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ regcomp_study.c | 7 +++++++
+ t/re/pat_psycho.t | 1 -
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/regcomp_study.c b/regcomp_study.c
+index db7ab3a409..9248e1de2b 100644
+--- a/regcomp_study.c
++++ b/regcomp_study.c
+@@ -2862,6 +2862,13 @@ Perl_study_chunk(pTHX_
+ (U8 *) SvEND(data->last_found))
+ - (U8*)s;
+ l -= old;
++
++ if (l > 0 &&
++ (mincount >= SSize_t_MAX / (SSize_t)l
++ || old > SSize_t_MAX - mincount * (SSize_t)l)) {
++ FAIL("Regexp out of space");
++ }
++
+ /* Get the added string: */
+ last_str = newSVpvn_utf8(s + old, l, UTF);
+ last_chrs = UTF ? utf8_length((U8*)(s + old),
+diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t
+index 73a7992372..9fd764fd5e 100644
+--- a/t/re/pat_psycho.t
++++ b/t/re/pat_psycho.t
+@@ -216,7 +216,6 @@ EOF
+ { # sec #147
+ $Config{ptrsize} == 4
+ or skip "these only fail on x32 and use too much memory on x64", 2;
+- local $::TODO = "This crashes";
+ # original case
+ fresh_perl_like('/\x{10000}{1073741824}/',
+ qr/Regexp out of space/, {}, "ssize_t overflow");
+--
+2.43.0
+
diff --git a/meta/recipes-devtools/perl/perl_5.38.4.bb b/meta/recipes-devtools/perl/perl_5.38.4.bb
index 5ab49ed3d77..9f4cc1c4044 100644
--- a/meta/recipes-devtools/perl/perl_5.38.4.bb
+++ b/meta/recipes-devtools/perl/perl_5.38.4.bb
@@ -18,6 +18,8 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://determinism.patch \
file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \
file://0001-Fix-intermittent-failure-of-test-t-op-sigsystem.t.patch \
+ file://CVE-2026-8376-01.patch \
+ file://CVE-2026-8376-02.patch \
"
SRC_URI:append:class-native = " \
file://perl-configpm-switch.patch \
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142) Yoann Congal
` (9 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
Backport patch to fix CVE-2026-6276.
https://nvd.nist.gov/vuln/detail/CVE-2026-6276
The upstream fix moves cookiehost from the connection-scoped aptr struct
to the per-request SingleRequest struct, preventing cookie data from
leaking across reused handles.
Adapted for curl 8.7.1:
- Use Curl_safefree (renamed to curlx_safefree in later versions)
- Use conn->host.name (changed to data->conn->host.name upstream)
- Keep existing header parsing structure (refactored upstream)
- Dropped tests
Upstream fix:
https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db
Tested with ptest:
Before: PASSED: 857, FAILED: 0, SKIPPED: 0
After: PASSED: 857, FAILED: 0, SKIPPED: 0
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
[YC: copy the backport info from commit message into the patch file itself]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../curl/curl/CVE-2026-6276.patch | 135 ++++++++++++++++++
meta/recipes-support/curl/curl_8.7.1.bb | 1 +
2 files changed, 136 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2026-6276.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2026-6276.patch b/meta/recipes-support/curl/curl/CVE-2026-6276.patch
new file mode 100644
index 00000000000..8ac387159a4
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2026-6276.patch
@@ -0,0 +1,135 @@
+From ee81b4f4b2f8e7d1a49c92d8a470294ef7088045 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 14 Apr 2026 08:51:44 +0200
+Subject: [PATCH] urldata: move cookiehost to struct SingleRequest
+
+To make it scoped for the single request appropriately.
+
+Reported-by: Muhamad Arga Reksapati
+
+Verify with libtest 2504: a custom Host *disabled* on reused handle
+
+Closes #21312
+
+CVE: CVE-2026-6276
+Upstream-Status: Backport [https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db]
+
+Backport changes: Adapted for curl 8.7.1:
+- Use Curl_safefree (renamed to curlx_safefree in later versions)
+- Use conn->host.name (changed to data->conn->host.name upstream)
+- Keep existing header parsing structure (refactored upstream)
+- Dropped tests
+
+Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
+---
+ lib/http.c | 16 ++++++++++------
+ lib/request.c | 3 +++
+ lib/request.h | 3 +++
+ lib/url.c | 4 +++-
+ lib/urldata.h | 1 -
+ 5 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index b80bebf..b1f6040 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -1747,7 +1747,11 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn)
+ data->state.first_remote_port = conn->remote_port;
+ data->state.first_remote_protocol = conn->handler->protocol;
+ }
++
+ Curl_safefree(aptr->host);
++#ifndef CURL_DISABLE_COOKIES
++ Curl_safefree(data->req.cookiehost);
++#endif
+
+ ptr = Curl_checkheaders(data, STRCONST("Host"));
+ if(ptr && (!data->state.this_is_a_follow ||
+@@ -1782,8 +1786,8 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn)
+ if(colon)
+ *colon = 0; /* The host must not include an embedded port number */
+ }
+- Curl_safefree(aptr->cookiehost);
+- aptr->cookiehost = cookiehost;
++ Curl_safefree(data->req.cookiehost);
++ data->req.cookiehost = cookiehost;
+ }
+ #endif
+
+@@ -2302,8 +2306,8 @@ CURLcode Curl_http_cookies(struct Curl_easy *data,
+ int count = 0;
+
+ if(data->cookies && data->state.cookie_engine) {
+- const char *host = data->state.aptr.cookiehost ?
+- data->state.aptr.cookiehost : conn->host.name;
++ const char *host = data->req.cookiehost ?
++ data->req.cookiehost : conn->host.name;
+ const bool secure_context =
+ conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) ||
+ strcasecompare("localhost", host) ||
+@@ -3121,8 +3125,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
+ if(v) {
+ /* If there is a custom-set Host: name, use it here, or else use
+ * real peer host name. */
+- const char *host = data->state.aptr.cookiehost?
+- data->state.aptr.cookiehost:conn->host.name;
++ const char *host = data->req.cookiehost?
++ data->req.cookiehost:conn->host.name;
+ const bool secure_context =
+ conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) ||
+ strcasecompare("localhost", host) ||
+diff --git a/lib/request.c b/lib/request.c
+index b3b0582..9bede2e 100644
+--- a/lib/request.c
++++ b/lib/request.c
+@@ -111,6 +111,9 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data)
+ * free this safely without leaks. */
+ Curl_safefree(req->p.http);
+ Curl_safefree(req->newurl);
++#ifndef CURL_DISABLE_COOKIES
++ Curl_safefree(req->cookiehost);
++#endif
+ Curl_client_reset(data);
+ if(req->sendbuf_init)
+ Curl_bufq_reset(&req->sendbuf);
+diff --git a/lib/request.h b/lib/request.h
+index 488fbdd..17d50a3 100644
+--- a/lib/request.h
++++ b/lib/request.h
+@@ -118,6 +118,9 @@ struct SingleRequest {
+ #ifndef CURL_DISABLE_DOH
+ struct dohdata *doh; /* DoH specific data for this request */
+ #endif
++#ifndef CURL_DISABLE_COOKIES
++ char *cookiehost;
++#endif
+ #ifndef CURL_DISABLE_COOKIES
+ unsigned char setcookies;
+ #endif
+diff --git a/lib/url.c b/lib/url.c
+index 76360c8..30f215f 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -313,7 +313,9 @@ CURLcode Curl_close(struct Curl_easy **datap)
+ Curl_safefree(data->state.aptr.rangeline);
+ Curl_safefree(data->state.aptr.ref);
+ Curl_safefree(data->state.aptr.host);
+- Curl_safefree(data->state.aptr.cookiehost);
++#ifndef CURL_DISABLE_COOKIES
++ Curl_safefree(data->req.cookiehost);
++#endif
+ Curl_safefree(data->state.aptr.rtsp_transport);
+ Curl_safefree(data->state.aptr.user);
+ Curl_safefree(data->state.aptr.passwd);
+diff --git a/lib/urldata.h b/lib/urldata.h
+index b68d023..4fc595a 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1339,7 +1339,6 @@ struct UrlState {
+ char *rangeline;
+ char *ref;
+ char *host;
+- char *cookiehost;
+ char *rtsp_transport;
+ char *te; /* TE: request header */
+
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index d0267317517..276526f01e5 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -37,6 +37,7 @@ SRC_URI = " \
file://CVE-2026-3783.patch \
file://CVE-2026-3784.patch \
file://CVE-2026-5773.patch \
+ file://CVE-2026-6276.patch \
"
SRC_URI:append:class-nativesdk = " \
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142)
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846 Yoann Congal
` (8 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Esa Jaaskela <esa.jaaskela@suomi24.fi>
Regenerated to fix this warning:
WARNING: linux-yocto-6.6.142+git-r0 do_cve_check: Kernel CVE status needs updating: generated for 6.6.127 but kernel is 6.6.142
$ ./meta/recipes-kernel/linux/generate-cve-exclusions.py .../cvelistV5/ 6.6.142 > meta/recipes-kernel/linux/cve-exclusion_6.6.inc
Generated at 2026-07-07 17:39:10.952928+00:00 for kernel version 6.6.142
From cvelistV5 cve_2026-07-07_1600Z
Signed-off-by: Esa Jaaskela <esa.jaaskela@suomi24.fi>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/cve-exclusion_6.6.inc | 3418 +++++++++++++----
1 file changed, 2668 insertions(+), 750 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
index fcd38c56aed..2a194e7c84d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
@@ -1,17 +1,19 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127
-# From cvelistV5 cve_2026-05-27_0900Z
+# Generated at 2026-07-07 17:39:10.952928+00:00 for kernel version 6.6.142
+# From cvelistV5 cve_2026-07-07_1600Z
python check_kernel_cve_status_version() {
- this_version = "6.6.127"
+ this_version = "6.6.142"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
}
do_cve_check[prefuncs] += "check_kernel_cve_status_version"
+# CVE-2018-10902 has no known resolution
+
CVE_STATUS[CVE-2019-25160] = "fixed-version: Fixed from version 5.0"
CVE_STATUS[CVE-2019-25162] = "fixed-version: Fixed from version 6.0"
@@ -6634,7 +6636,7 @@ CVE_STATUS[CVE-2023-52918] = "cpe-stable-backport: Backported in 6.6.48"
CVE_STATUS[CVE-2023-52919] = "fixed-version: Fixed from version 6.6"
-# CVE-2023-52920 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2023-52920] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2023-52921] = "fixed-version: Fixed from version 6.5"
@@ -9030,7 +9032,7 @@ CVE_STATUS[CVE-2023-54326] = "fixed-version: Fixed from version 6.5"
CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3"
-# CVE-2024-14027 may need backporting (fixed from 6.6.133)
+CVE_STATUS[CVE-2024-14027] = "cpe-stable-backport: Backported in 6.6.133"
CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17"
@@ -9874,7 +9876,7 @@ CVE_STATUS[CVE-2024-27020] = "cpe-stable-backport: Backported in 6.6.29"
CVE_STATUS[CVE-2024-27021] = "fixed-version: only affects 6.8 onwards"
-# CVE-2024-27022 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2024-27022] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2024-27023] = "cpe-stable-backport: Backported in 6.6.19"
@@ -11942,7 +11944,7 @@ CVE_STATUS[CVE-2024-43823] = "cpe-stable-backport: Backported in 6.6.44"
CVE_STATUS[CVE-2024-43825] = "cpe-stable-backport: Backported in 6.6.44"
-# CVE-2024-43826 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2024-43826] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2024-43827] = "fixed-version: only affects 6.8 onwards"
@@ -12346,7 +12348,7 @@ CVE_STATUS[CVE-2024-46689] = "cpe-stable-backport: Backported in 6.6.49"
CVE_STATUS[CVE-2024-46690] = "fixed-version: only affects 6.9 onwards"
-# CVE-2024-46691 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2024-46691] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2024-46692] = "cpe-stable-backport: Backported in 6.6.49"
@@ -14482,7 +14484,7 @@ CVE_STATUS[CVE-2024-56645] = "cpe-stable-backport: Backported in 6.6.66"
CVE_STATUS[CVE-2024-56646] = "fixed-version: only affects 6.9 onwards"
-# CVE-2024-56647 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2024-56647] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2024-56648] = "cpe-stable-backport: Backported in 6.6.66"
@@ -15258,7 +15260,7 @@ CVE_STATUS[CVE-2025-21680] = "cpe-stable-backport: Backported in 6.6.74"
CVE_STATUS[CVE-2025-21681] = "cpe-stable-backport: Backported in 6.6.74"
-# CVE-2025-21682 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-21682] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-21683] = "cpe-stable-backport: Backported in 6.6.74"
@@ -15368,7 +15370,7 @@ CVE_STATUS[CVE-2025-21737] = "fixed-version: only affects 6.10 onwards"
CVE_STATUS[CVE-2025-21738] = "cpe-stable-backport: Backported in 6.6.78"
-# CVE-2025-21739 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2025-21739] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2025-21741] = "cpe-stable-backport: Backported in 6.6.78"
@@ -15392,7 +15394,7 @@ CVE_STATUS[CVE-2025-21750] = "cpe-stable-backport: Backported in 6.6.78"
CVE_STATUS[CVE-2025-21751] = "fixed-version: only affects 6.12 onwards"
-CVE_STATUS[CVE-2025-21752] = "fixed-version: only affects 6.6.130 onwards"
+# CVE-2025-21752 may need backporting (fixed from 6.7)
CVE_STATUS[CVE-2025-21753] = "cpe-stable-backport: Backported in 6.6.78"
@@ -16128,7 +16130,7 @@ CVE_STATUS[CVE-2025-22123] = "fixed-version: only affects 6.9 onwards"
# CVE-2025-22124 may need backporting (fixed from 6.7)
-# CVE-2025-22125 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2025-22125] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.6.88"
@@ -16140,7 +16142,7 @@ CVE_STATUS[CVE-2025-22128] = "fixed-version: only affects 6.8 onwards"
# CVE-2025-23130 needs backporting (fixed from 6.15)
-# CVE-2025-23131 needs backporting (fixed from 6.15)
+# CVE-2025-23131 may need backporting (fixed from 6.6.144)
# CVE-2025-23132 needs backporting (fixed from 6.15)
@@ -17030,7 +17032,7 @@ CVE_STATUS[CVE-2025-38162] = "cpe-stable-backport: Backported in 6.6.125"
CVE_STATUS[CVE-2025-38163] = "cpe-stable-backport: Backported in 6.6.94"
-# CVE-2025-38164 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-38164] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-38165] = "cpe-stable-backport: Backported in 6.6.94"
@@ -17548,7 +17550,7 @@ CVE_STATUS[CVE-2025-38424] = "cpe-stable-backport: Backported in 6.6.95"
CVE_STATUS[CVE-2025-38425] = "cpe-stable-backport: Backported in 6.6.95"
-# CVE-2025-38426 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-38426] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-38427] = "cpe-stable-backport: Backported in 6.6.95"
@@ -17758,7 +17760,7 @@ CVE_STATUS[CVE-2025-38529] = "cpe-stable-backport: Backported in 6.6.100"
CVE_STATUS[CVE-2025-38530] = "cpe-stable-backport: Backported in 6.6.100"
-# CVE-2025-38531 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2025-38531] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2025-38532] = "cpe-stable-backport: Backported in 6.6.100"
@@ -17802,8 +17804,6 @@ CVE_STATUS[CVE-2025-38551] = "fixed-version: only affects 6.11.2 onwards"
CVE_STATUS[CVE-2025-38552] = "cpe-stable-backport: Backported in 6.6.101"
-CVE_STATUS[CVE-2025-38553] = "cpe-stable-backport: Backported in 6.6.102"
-
CVE_STATUS[CVE-2025-38554] = "fixed-version: only affects 6.15 onwards"
CVE_STATUS[CVE-2025-38555] = "cpe-stable-backport: Backported in 6.6.102"
@@ -17864,7 +17864,7 @@ CVE_STATUS[CVE-2025-38581] = "cpe-stable-backport: Backported in 6.6.102"
CVE_STATUS[CVE-2025-38583] = "cpe-stable-backport: Backported in 6.6.102"
-# CVE-2025-38584 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2025-38584] = "cpe-stable-backport: Backported in 6.6.140"
# CVE-2025-38585 needs backporting (fixed from 6.17)
@@ -18100,7 +18100,7 @@ CVE_STATUS[CVE-2025-38702] = "cpe-stable-backport: Backported in 6.6.103"
CVE_STATUS[CVE-2025-38703] = "fixed-version: only affects 6.8 onwards"
-# CVE-2025-38704 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-38704] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2025-38705 needs backporting (fixed from 6.17)
@@ -18112,7 +18112,7 @@ CVE_STATUS[CVE-2025-38708] = "cpe-stable-backport: Backported in 6.6.103"
CVE_STATUS[CVE-2025-38709] = "cpe-stable-backport: Backported in 6.6.109"
-# CVE-2025-38710 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2025-38710] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2025-38711] = "cpe-stable-backport: Backported in 6.6.103"
@@ -18318,7 +18318,7 @@ CVE_STATUS[CVE-2025-39745] = "fixed-version: only affects 6.14 onwards"
# CVE-2025-39747 needs backporting (fixed from 6.17)
-# CVE-2025-39748 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-39748] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-39749] = "cpe-stable-backport: Backported in 6.6.103"
@@ -18348,7 +18348,7 @@ CVE_STATUS[CVE-2025-39761] = "cpe-stable-backport: Backported in 6.6.103"
CVE_STATUS[CVE-2025-39763] = "cpe-stable-backport: Backported in 6.6.103"
-# CVE-2025-39764 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-39764] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-39765] = "fixed-version: only affects 6.12 onwards"
@@ -18674,7 +18674,7 @@ CVE_STATUS[CVE-2025-39928] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2025-39929] = "cpe-stable-backport: Backported in 6.6.108"
-CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.6.130 onwards"
+CVE_STATUS[CVE-2025-39930] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2025-39931] = "cpe-stable-backport: Backported in 6.6.108"
@@ -18776,7 +18776,7 @@ CVE_STATUS[CVE-2025-39979] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2025-39980] = "cpe-stable-backport: Backported in 6.6.109"
-# CVE-2025-39981 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2025-39981] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2025-39982] = "cpe-stable-backport: Backported in 6.6.109"
@@ -19082,7 +19082,7 @@ CVE_STATUS[CVE-2025-40133] = "fixed-version: only affects 6.12 onwards"
CVE_STATUS[CVE-2025-40134] = "cpe-stable-backport: Backported in 6.6.112"
-# CVE-2025-40135 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-40135] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2025-40136 needs backporting (fixed from 6.18)
@@ -19110,7 +19110,7 @@ CVE_STATUS[CVE-2025-40148] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-40149] = "cpe-stable-backport: Backported in 6.6.121"
-# CVE-2025-40150 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-40150] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-40151] = "fixed-version: only affects 6.17 onwards"
@@ -19236,7 +19236,7 @@ CVE_STATUS[CVE-2025-40211] = "cpe-stable-backport: Backported in 6.6.117"
CVE_STATUS[CVE-2025-40212] = "fixed-version: only affects 6.12 onwards"
-CVE_STATUS[CVE-2025-40213] = "fixed-version: only affects 6.6.140 onwards"
+# CVE-2025-40213 may need backporting (fixed from 6.7)
CVE_STATUS[CVE-2025-40214] = "cpe-stable-backport: Backported in 6.6.117"
@@ -19248,7 +19248,7 @@ CVE_STATUS[CVE-2025-40217] = "fixed-version: only affects 6.11 onwards"
CVE_STATUS[CVE-2025-40218] = "cpe-stable-backport: Backported in 6.6.113"
-# CVE-2025-40219 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-40219] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2025-40220] = "cpe-stable-backport: Backported in 6.6.115"
@@ -19294,7 +19294,7 @@ CVE_STATUS[CVE-2025-40240] = "cpe-stable-backport: Backported in 6.6.115"
CVE_STATUS[CVE-2025-40241] = "fixed-version: only affects 6.15 onwards"
-# CVE-2025-40242 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2025-40242] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2025-40243] = "cpe-stable-backport: Backported in 6.6.115"
@@ -19614,7 +19614,7 @@ CVE_STATUS[CVE-2025-68204] = "cpe-stable-backport: Backported in 6.6.118"
CVE_STATUS[CVE-2025-68205] = "fixed-version: only affects 6.17 onwards"
-# CVE-2025-68206 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-68206] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-68207] = "fixed-version: only affects 6.12.37 onwards"
@@ -19678,7 +19678,7 @@ CVE_STATUS[CVE-2025-68237] = "cpe-stable-backport: Backported in 6.6.118"
CVE_STATUS[CVE-2025-68238] = "cpe-stable-backport: Backported in 6.6.118"
-# CVE-2025-68239 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-68239] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-68240] = "fixed-version: only affects 6.12 onwards"
@@ -19764,7 +19764,7 @@ CVE_STATUS[CVE-2025-68294] = "fixed-version: only affects 6.15 onwards"
CVE_STATUS[CVE-2025-68295] = "cpe-stable-backport: Backported in 6.6.119"
-# CVE-2025-68296 needs backporting (fixed from 6.18)
+# CVE-2025-68296 may need backporting (fixed from 6.6.143)
CVE_STATUS[CVE-2025-68297] = "cpe-stable-backport: Backported in 6.6.119"
@@ -19802,7 +19802,7 @@ CVE_STATUS[CVE-2025-68313] = "fixed-version: only affects 6.8 onwards"
CVE_STATUS[CVE-2025-68314] = "fixed-version: only affects 6.17 onwards"
-# CVE-2025-68315 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2025-68315] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2025-68316] = "fixed-version: only affects 6.13 onwards"
@@ -19840,7 +19840,7 @@ CVE_STATUS[CVE-2025-68332] = "cpe-stable-backport: Backported in 6.6.120"
CVE_STATUS[CVE-2025-68333] = "fixed-version: only affects 6.12 onwards"
-# CVE-2025-68334 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-68334] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-68335] = "cpe-stable-backport: Backported in 6.6.120"
@@ -19958,7 +19958,7 @@ CVE_STATUS[CVE-2025-68734] = "cpe-stable-backport: Backported in 6.6.117"
CVE_STATUS[CVE-2025-68735] = "fixed-version: only affects 6.10 onwards"
-# CVE-2025-68736 needs backporting (fixed from 6.19)
+# CVE-2025-68736 may need backporting (fixed from 6.6.143)
CVE_STATUS[CVE-2025-68737] = "fixed-version: only affects 6.18 onwards"
@@ -20022,7 +20022,7 @@ CVE_STATUS[CVE-2025-68766] = "cpe-stable-backport: Backported in 6.6.120"
CVE_STATUS[CVE-2025-68767] = "cpe-stable-backport: Backported in 6.6.120"
-# CVE-2025-68768 needs backporting (fixed from 6.19)
+# CVE-2025-68768 may need backporting (fixed from 6.6.143)
CVE_STATUS[CVE-2025-68769] = "cpe-stable-backport: Backported in 6.6.120"
@@ -20304,7 +20304,7 @@ CVE_STATUS[CVE-2025-71150] = "cpe-stable-backport: Backported in 6.6.120"
CVE_STATUS[CVE-2025-71151] = "cpe-stable-backport: Backported in 6.6.120"
-# CVE-2025-71152 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71152] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-71153] = "cpe-stable-backport: Backported in 6.6.120"
@@ -20322,7 +20322,7 @@ CVE_STATUS[CVE-2025-71159] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2025-71160] = "cpe-stable-backport: Backported in 6.6.121"
-# CVE-2025-71161 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71161] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-71162] = "cpe-stable-backport: Backported in 6.6.122"
@@ -20336,7 +20336,7 @@ CVE_STATUS[CVE-2025-71182] = "cpe-stable-backport: Backported in 6.6.121"
CVE_STATUS[CVE-2025-71183] = "cpe-stable-backport: Backported in 6.6.121"
-# CVE-2025-71184 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71184] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-71185] = "cpe-stable-backport: Backported in 6.6.122"
@@ -20374,13 +20374,13 @@ CVE_STATUS[CVE-2025-71201] = "fixed-version: only affects 6.14 onwards"
# CVE-2025-71202 needs backporting (fixed from 6.19)
-# CVE-2025-71203 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71203] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-71204] = "cpe-stable-backport: Backported in 6.6.124"
CVE_STATUS[CVE-2025-71220] = "cpe-stable-backport: Backported in 6.6.124"
-# CVE-2025-71221 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71221] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2025-71222] = "cpe-stable-backport: Backported in 6.6.124"
@@ -20412,17 +20412,17 @@ CVE_STATUS[CVE-2025-71237] = "cpe-stable-backport: Backported in 6.6.125"
CVE_STATUS[CVE-2025-71238] = "cpe-stable-backport: Backported in 6.6.127"
-# CVE-2025-71239 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71239] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2025-71265 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71265] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2025-71266 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71266] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2025-71267 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71267] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2025-71268] = "cpe-stable-backport: Backported in 6.6.124"
-# CVE-2025-71269 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2025-71269] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2025-71270] = "cpe-stable-backport: Backported in 6.6.124"
@@ -20432,33 +20432,33 @@ CVE_STATUS[CVE-2025-71271] = "fixed-version: only affects 6.13 onwards"
# CVE-2025-71273 needs backporting (fixed from 7.0)
-# CVE-2025-71274 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71274] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2025-71285 needs backporting (fixed from 7.0)
-# CVE-2025-71286 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71286] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2025-71287 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71287] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2025-71288 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2025-71288] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2025-71289 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2025-71290] = "fixed-version: only affects 6.16 onwards"
-# CVE-2025-71291 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71291] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2025-71292 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71292] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2025-71293] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2025-71294] = "fixed-version: only affects 6.7 onwards"
-# CVE-2025-71295 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71295] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2025-71296] = "fixed-version: only affects 6.16 onwards"
-# CVE-2025-71297 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2025-71297] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2025-71298] = "fixed-version: only affects 6.16 onwards"
@@ -20470,6 +20470,30 @@ CVE_STATUS[CVE-2025-71301] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2025-71302] = "fixed-version: only affects 6.10 onwards"
+CVE_STATUS[CVE-2025-71303] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2025-71304] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2025-71305] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2025-71306] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-71307] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2025-71308] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-71309] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2025-71311] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2025-71312] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2025-71313 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2025-71314] = "fixed-version: only affects 6.10 onwards"
+
+# CVE-2025-71315 needs backporting (fixed from 6.19)
+
CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.6.121"
CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.6.121"
@@ -20526,7 +20550,7 @@ CVE_STATUS[CVE-2026-23002] = "fixed-version: only affects 6.12 onwards"
CVE_STATUS[CVE-2026-23003] = "cpe-stable-backport: Backported in 6.6.122"
-# CVE-2026-23004 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23004] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23005] = "cpe-stable-backport: Backported in 6.6.122"
@@ -20618,13 +20642,13 @@ CVE_STATUS[CVE-2026-23048] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-23049] = "cpe-stable-backport: Backported in 6.6.122"
-# CVE-2026-23050 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23050] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23051] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-23052] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-23053 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23053] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23054] = "cpe-stable-backport: Backported in 6.6.122"
@@ -20650,7 +20674,7 @@ CVE_STATUS[CVE-2026-23064] = "cpe-stable-backport: Backported in 6.6.122"
CVE_STATUS[CVE-2026-23065] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-23066 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23066] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23067] = "fixed-version: only affects 6.16 onwards"
@@ -20754,7 +20778,7 @@ CVE_STATUS[CVE-2026-23116] = "cpe-stable-backport: Backported in 6.6.122"
CVE_STATUS[CVE-2026-23117] = "fixed-version: only affects 6.18.2 onwards"
-# CVE-2026-23118 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23118] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23119] = "cpe-stable-backport: Backported in 6.6.122"
@@ -20794,7 +20818,7 @@ CVE_STATUS[CVE-2026-23136] = "cpe-stable-backport: Backported in 6.6.121"
# CVE-2026-23137 needs backporting (fixed from 6.19)
-# CVE-2026-23138 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23138] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23139] = "cpe-stable-backport: Backported in 6.6.121"
@@ -20826,13 +20850,13 @@ CVE_STATUS[CVE-2026-23152] = "fixed-version: only affects 6.7 onwards"
CVE_STATUS[CVE-2026-23153] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23154 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23154] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23155] = "cpe-stable-backport: Backported in 6.6.123"
CVE_STATUS[CVE-2026-23156] = "cpe-stable-backport: Backported in 6.6.123"
-# CVE-2026-23157 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23157] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23158] = "fixed-version: only affects 6.11 onwards"
@@ -20860,7 +20884,7 @@ CVE_STATUS[CVE-2026-23169] = "cpe-stable-backport: Backported in 6.6.125"
CVE_STATUS[CVE-2026-23170] = "cpe-stable-backport: Backported in 6.6.123"
-# CVE-2026-23171 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-23171] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-23172] = "cpe-stable-backport: Backported in 6.6.123"
@@ -20972,7 +20996,7 @@ CVE_STATUS[CVE-2026-23225] = "fixed-version: only affects 6.19 onwards"
# CVE-2026-23226 needs backporting (fixed from 7.0)
-# CVE-2026-23227 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23227] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23228] = "cpe-stable-backport: Backported in 6.6.125"
@@ -20980,7 +21004,7 @@ CVE_STATUS[CVE-2026-23229] = "cpe-stable-backport: Backported in 6.6.125"
CVE_STATUS[CVE-2026-23230] = "cpe-stable-backport: Backported in 6.6.125"
-# CVE-2026-23231 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-23231] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-23232] = "fixed-version: only affects 6.19 onwards"
@@ -21002,15 +21026,15 @@ CVE_STATUS[CVE-2026-23238] = "cpe-stable-backport: Backported in 6.6.127"
CVE_STATUS[CVE-2026-23241] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-23242 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-23242] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-23243 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-23243] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-23244 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23244] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23245 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23245] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23246 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23246] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-23247 needs backporting (fixed from 7.0)
@@ -21024,11 +21048,11 @@ CVE_STATUS[CVE-2026-23251] = "fixed-version: only affects 6.10 onwards"
CVE_STATUS[CVE-2026-23252] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-23253 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23253] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23254] = "cpe-stable-backport: Backported in 6.6.124"
-# CVE-2026-23255 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23255] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23256] = "cpe-stable-backport: Backported in 6.6.124"
@@ -21054,119 +21078,119 @@ CVE_STATUS[CVE-2026-23266] = "cpe-stable-backport: Backported in 6.6.127"
CVE_STATUS[CVE-2026-23267] = "cpe-stable-backport: Backported in 6.6.127"
-# CVE-2026-23268 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23268] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23269 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23269] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23270 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23270] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23271 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23271] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23272 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-23272] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-23273 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-23273] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-23274 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23274] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23275] = "fixed-version: only affects 6.13 onwards"
# CVE-2026-23276 needs backporting (fixed from 7.0)
-# CVE-2026-23277 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23277] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23278 needs backporting (fixed from 7.0)
+# CVE-2026-23278 may need backporting (fixed from 6.6.144)
-# CVE-2026-23279 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23279] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23280] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23281 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23281] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23282] = "fixed-version: only affects 6.17 onwards"
CVE_STATUS[CVE-2026-23283] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23284 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23284] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23285 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23285] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23286 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23287 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19.4 onwards"
-# CVE-2026-23289 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23290 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23290] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23291 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23291] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23292 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23292] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23293 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23293] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23294] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-23295] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23296 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23296] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23297] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-23298 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23298] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23299] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-23300 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23300] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23301] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23302 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23302] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-23303 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23303] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23304 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23304] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23305] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23306 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23306] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23307 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23307] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23308 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23308] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23309 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23309] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23310 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23310] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23311] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-23312 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23312] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23313 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23313] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23314] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23315 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23315] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23316] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-23317 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23317] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23318 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23319 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23321 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23322] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-23323] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23324 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23324] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23325 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23326] = "fixed-version: only affects 6.13 onwards"
@@ -21176,39 +21200,39 @@ CVE_STATUS[CVE-2026-23328] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-23329] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23330 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23330] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23331] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2026-23332] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23334 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23335 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23336 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23336] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23337] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-23338] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23339 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23340 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19.4 onwards"
CVE_STATUS[CVE-2026-23342] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23343 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23343] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23344] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-23345] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-23346 needs backporting (fixed from 7.0)
+# CVE-2026-23346 may need backporting (fixed from 6.6.143)
-# CVE-2026-23347 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23347] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-23348 needs backporting (fixed from 7.0)
@@ -21216,9 +21240,9 @@ CVE_STATUS[CVE-2026-23349] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-23350] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23351 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23351] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23352 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23352] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23353] = "fixed-version: only affects 6.19 onwards"
@@ -21226,43 +21250,43 @@ CVE_STATUS[CVE-2026-23354] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-23355] = "fixed-version: only affects 6.18.14 onwards"
-# CVE-2026-23356 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23356] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23357 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23357] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23358] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23359 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23359] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23360 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-23360] = "cpe-stable-backport: Backported in 6.6.131"
# CVE-2026-23361 needs backporting (fixed from 7.0)
-# CVE-2026-23362 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23362] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23363] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-23364 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23364] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23365 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23365] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23366] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23367 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23367] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23368 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23368] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23369] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-23370 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-23371 needs backporting (fixed from 7.0)
-# CVE-2026-23372 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23373] = "fixed-version: only affects 6.9 onwards"
-# CVE-2026-23374 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23374] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23375] = "fixed-version: only affects 6.8 onwards"
@@ -21270,15 +21294,15 @@ CVE_STATUS[CVE-2026-23376] = "fixed-version: only affects 6.17.3 onwards"
# CVE-2026-23377 needs backporting (fixed from 7.0)
-# CVE-2026-23378 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23379 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23379] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23380] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-23381 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23381] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23382 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23382] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-23383 needs backporting (fixed from 7.0)
@@ -21286,63 +21310,63 @@ CVE_STATUS[CVE-2026-23384] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-23385] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-23386 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23386] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23387 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23388 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23389 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23389] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23390] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-23391 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23391] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23392 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-23393 needs backporting (fixed from 7.0)
-# CVE-2026-23394 may need backporting (fixed from 6.7)
+CVE_STATUS[CVE-2026-23394] = "cpe-stable-backport: Backported in 6.6.142"
-# CVE-2026-23395 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23396 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23396] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23397 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23398 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23399 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23399] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23400] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23401 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-23401] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-23402] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23403 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23403] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23404 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23404] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23405 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23405] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23406 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23406] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23407 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23407] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23408 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23408] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23409 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23409] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23410 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23410] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23411 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23411] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23412 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23412] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23413 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23413] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23414 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-23414] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-23415] = "fixed-version: only affects 6.16 onwards"
@@ -21352,13 +21376,13 @@ CVE_STATUS[CVE-2026-23417] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-23418] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-23419 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23419] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23420 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23420] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23421] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-23422 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23422] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23423] = "fixed-version: only affects 6.13 onwards"
@@ -21366,11 +21390,11 @@ CVE_STATUS[CVE-2026-23424] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-23425] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-23426 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23426] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23427 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23427] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23428 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23428] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23429] = "fixed-version: only affects 6.18.7 onwards"
@@ -21382,7 +21406,7 @@ CVE_STATUS[CVE-2026-23432] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-23433] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23434 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23434] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23435] = "fixed-version: only affects 6.18.2 onwards"
@@ -21390,67 +21414,67 @@ CVE_STATUS[CVE-2026-23436] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2026-23437] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-23438 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23438] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23439 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23439] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23440 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23441 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23442 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23442] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-23443 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23444 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-23444] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-23445] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-23446 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23446] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23447 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23447] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23448 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23448] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23449 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23449] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23450 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23450] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23451] = "fixed-version: only affects 6.18.19 onwards"
-# CVE-2026-23452 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23452] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23453] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-23454 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23454] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23455 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23455] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23456 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23456] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23457 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23458 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23459] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-23460 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23461 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23461] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23462 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23462] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23463 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23463] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23464] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-23465 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23465] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-23466] = "fixed-version: only affects 6.12 onwards"
CVE_STATUS[CVE-2026-23467] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-23468 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-23468] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-23469] = "fixed-version: only affects 6.8 onwards"
@@ -21458,101 +21482,101 @@ CVE_STATUS[CVE-2026-23470] = "fixed-version: only affects 6.8 onwards"
# CVE-2026-23472 needs backporting (fixed from 7.0)
-# CVE-2026-23474 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23474] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-23475 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-23475] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31389 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31389] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31390] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31391 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31391] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31392 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31392] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31393 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31393] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31394] = "fixed-version: only affects 6.11 onwards"
CVE_STATUS[CVE-2026-31395] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-31396 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31396] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31397] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2026-31398] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-31399 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31399] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31400 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31400] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31401] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-31402 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31402] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31403 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31403] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31404] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-31405 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31406] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-31407 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31407] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31408 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31409 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31409] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-31410 needs backporting (fixed from 7.0)
-# CVE-2026-31411 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-31412 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31412] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31413] = "fixed-version: only affects 6.12.75 onwards"
-# CVE-2026-31414 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31414] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31415 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31415] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31416 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31416] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31417 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31417] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31418 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31418] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31419 needs backporting (fixed from 7.0)
+# CVE-2026-31419 may need backporting (fixed from 6.6.143)
# CVE-2026-31420 needs backporting (fixed from 7.0)
-# CVE-2026-31421 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31421] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31422 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31422] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31423 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31423] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31424 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31424] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31425 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31425] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31426 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31426] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31427 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31427] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31428 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31428] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31429 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31429] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31430 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31430] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31431 may need backporting (fixed from 6.6.137)
+CVE_STATUS[CVE-2026-31431] = "cpe-stable-backport: Backported in 6.6.137"
-# CVE-2026-31432 needs backporting (fixed from 7.0)
+# CVE-2026-31432 may need backporting (fixed from 6.6.143)
-# CVE-2026-31433 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31433] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31434 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31434] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31435] = "fixed-version: only affects 6.12 onwards"
@@ -21562,45 +21586,45 @@ CVE_STATUS[CVE-2026-31437] = "fixed-version: only affects 6.18.17 onwards"
CVE_STATUS[CVE-2026-31438] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-31439 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31439] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31440 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31440] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-31441 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31441] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31442] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-31443] = "fixed-version: only affects 6.14 onwards"
-CVE_STATUS[CVE-2026-31444] = "fixed-version: only affects 6.6.130 onwards"
+CVE_STATUS[CVE-2026-31444] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31445] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-31446 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31446] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31447 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31447] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31448 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31448] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31449 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31449] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-31450 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31450] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31451 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31451] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31452 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31452] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31453 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31453] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31454 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31454] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31455 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31455] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31456] = "fixed-version: only affects 6.12 onwards"
CVE_STATUS[CVE-2026-31457] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-31458 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31458] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31459] = "fixed-version: only affects 6.17.6 onwards"
@@ -21612,17 +21636,17 @@ CVE_STATUS[CVE-2026-31461] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2026-31463] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31464 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31464] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31465] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31466 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31466] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31467 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31467] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31468] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31469 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31469] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31470] = "fixed-version: only affects 6.7 onwards"
@@ -21630,117 +21654,117 @@ CVE_STATUS[CVE-2026-31471] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-31472] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-31473 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31473] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31474 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31474] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31475] = "fixed-version: only affects 6.14.9 onwards"
-# CVE-2026-31476 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31476] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31477 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31477] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31478 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31478] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31479] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-31480 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31480] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31481] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31482 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31482] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31483 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31483] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31484] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31485 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31485] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31486 needs backporting (fixed from 7.0)
+# CVE-2026-31486 may need backporting (fixed from 6.6.143)
# CVE-2026-31487 needs backporting (fixed from 7.0)
-# CVE-2026-31488 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31488] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-31489 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31489] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-31490] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-31491] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31492 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31492] = "cpe-stable-backport: Backported in 6.6.131"
# CVE-2026-31493 needs backporting (fixed from 7.0)
-# CVE-2026-31494 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31494] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31495 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31495] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31496 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31496] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31497 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31497] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31498 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31498] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31499] = "fixed-version: only affects 6.12.20 onwards"
-# CVE-2026-31500 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31500] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31501] = "fixed-version: only affects 6.15 onwards"
# CVE-2026-31502 needs backporting (fixed from 7.0)
-# CVE-2026-31503 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31503] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31504 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31504] = "cpe-stable-backport: Backported in 6.6.131"
# CVE-2026-31505 needs backporting (fixed from 7.0)
# CVE-2026-31506 needs backporting (fixed from 7.0)
-# CVE-2026-31507 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31507] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31508 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31508] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31509 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31509] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31510 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31510] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31511] = "fixed-version: only affects 6.12.59 onwards"
-# CVE-2026-31512 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31512] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31513] = "fixed-version: only affects 6.12.75 onwards"
CVE_STATUS[CVE-2026-31514] = "fixed-version: only affects 6.12.75 onwards"
-# CVE-2026-31515 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31515] = "cpe-stable-backport: Backported in 6.6.131"
# CVE-2026-31516 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2026-31517] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-31518 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31518] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31519 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31519] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31520 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31520] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31521 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31521] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31522 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31522] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31523 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31523] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31524 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31524] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31525 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31525] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31526] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-31527 needs backporting (fixed from 7.0)
+CVE_STATUS[CVE-2026-31527] = "cpe-stable-backport: Backported in 6.6.142"
-# CVE-2026-31528 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31528] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31529] = "fixed-version: only affects 6.19 onwards"
@@ -21748,9 +21772,9 @@ CVE_STATUS[CVE-2026-31529] = "fixed-version: only affects 6.19 onwards"
# CVE-2026-31531 needs backporting (fixed from 7.0)
-# CVE-2026-31532 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31532] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31533 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31533] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31535] = "fixed-version: only affects 6.18 onwards"
@@ -21762,37 +21786,37 @@ CVE_STATUS[CVE-2026-31538] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-31539] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31540 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31540] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31541] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31542 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31542] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31543] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2026-31544] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-31545 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31545] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31546 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31546] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31547] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31548 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31548] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31549 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31549] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31550 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31550] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31551 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31551] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31552 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31552] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-31553] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-31554] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-31555 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31555] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31556] = "fixed-version: only affects 6.8 onwards"
@@ -21808,13 +21832,13 @@ CVE_STATUS[CVE-2026-31561] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-31562] = "fixed-version: only affects 6.9 onwards"
-# CVE-2026-31563 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31563] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31564] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31565 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31565] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31566 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31566] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31567] = "fixed-version: only affects 6.17.8 onwards"
@@ -21822,7 +21846,7 @@ CVE_STATUS[CVE-2026-31567] = "fixed-version: only affects 6.17.8 onwards"
CVE_STATUS[CVE-2026-31569] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-31570 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31570] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-31571] = "fixed-version: only affects 6.15 onwards"
@@ -21834,113 +21858,113 @@ CVE_STATUS[CVE-2026-31574] = "fixed-version: only affects 7.0 onwards"
CVE_STATUS[CVE-2026-31575] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-31576 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31576] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31577 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31577] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31578 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31578] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31579 needs backporting (fixed from 7.1rc1)
+# CVE-2026-31579 needs backporting (fixed from 7.1)
-# CVE-2026-31580 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31580] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31581 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31581] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31582] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-31583 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31583] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31584 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31584] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31585 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31585] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31586 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31586] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31587 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31587] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31588 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31588] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31589] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-31590 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31590] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31591] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-31592 needs backporting (fixed from 7.1rc1)
+# CVE-2026-31592 needs backporting (fixed from 7.1)
CVE_STATUS[CVE-2026-31593] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-31594 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31594] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31595 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31595] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31596 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31596] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31597 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31597] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31598 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31598] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31599 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31599] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31600] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-31601] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31602 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31602] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31603 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31603] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31604 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31604] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31605 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31605] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31606 needs backporting (fixed from 7.1rc1)
+# CVE-2026-31606 needs backporting (fixed from 7.1)
-# CVE-2026-31607 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31607] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31608] = "fixed-version: only affects 6.18.11 onwards"
CVE_STATUS[CVE-2026-31609] = "fixed-version: only affects 6.18.11 onwards"
-# CVE-2026-31610 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31610] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31611 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31611] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31612 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31612] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31613 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-31613] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-31614 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31614] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31615 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31615] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31616 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31616] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31617 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31617] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31618 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31618] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31619 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31619] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31620] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-31621] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31622 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31622] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31623 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31623] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31624 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31624] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31625 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31625] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31626 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31626] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31627 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31627] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31628 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31628] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31629 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31629] = "cpe-stable-backport: Backported in 6.6.136"
# CVE-2026-31630 needs backporting (fixed from 7.0)
@@ -21950,23 +21974,23 @@ CVE_STATUS[CVE-2026-31632] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2026-31633] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31634 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31634] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31635] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2026-31636] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31637 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31637] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31638 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31638] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31639 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31639] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31640] = "fixed-version: only affects 6.16 onwards"
CVE_STATUS[CVE-2026-31641] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31642 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31642] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31643] = "fixed-version: only affects 6.16 onwards"
@@ -21974,17 +21998,17 @@ CVE_STATUS[CVE-2026-31644] = "fixed-version: only affects 6.12 onwards"
# CVE-2026-31645 needs backporting (fixed from 7.0)
-# CVE-2026-31646 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31646] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31647] = "fixed-version: only affects 6.9 onwards"
-# CVE-2026-31648 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31648] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31649 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31649] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31650] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-31651 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31651] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31652] = "fixed-version: only affects 6.17 onwards"
@@ -21992,75 +22016,73 @@ CVE_STATUS[CVE-2026-31653] = "fixed-version: only affects 6.17 onwards"
CVE_STATUS[CVE-2026-31654] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31655 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31655] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31656 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31656] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31657 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31657] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31658 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31658] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31659 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31659] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31660 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31660] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31661 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31661] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31662 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31662] = "cpe-stable-backport: Backported in 6.6.135"
# CVE-2026-31663 needs backporting (fixed from 7.0)
-# CVE-2026-31664 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31664] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31665 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31665] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31666] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-31667 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31667] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31668 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31668] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31669 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31669] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31670 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31670] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31671 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31671] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31672 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31672] = "cpe-stable-backport: Backported in 6.6.135"
-# CVE-2026-31673 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31673] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31674 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31674] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31675 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31675] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31676 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31676] = "cpe-stable-backport: Backported in 6.6.136"
# CVE-2026-31677 needs backporting (fixed from 7.0)
-# CVE-2026-31678 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31678] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31679 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-31679] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-31680 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31680] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31681 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31681] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31682 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31682] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31683 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31683] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-31684 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31684] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31685 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31685] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31686 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31686] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31687] = "cpe-stable-backport: Backported in 6.6.126"
-# CVE-2026-31688 needs backporting (fixed from 7.0)
-
-# CVE-2026-31689 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31689] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-31690] = "fixed-version: only affects 6.15 onwards"
@@ -22068,63 +22090,63 @@ CVE_STATUS[CVE-2026-31691] = "fixed-version: only affects 6.14 onwards"
# CVE-2026-31692 needs backporting (fixed from 7.0)
-# CVE-2026-31693 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-31693] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-31694 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31694] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-31695 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31695] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31696 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31696] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31697 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31697] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31698 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31698] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31699 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31699] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31700 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31700] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31701 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31701] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31702 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31702] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-31703] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31704 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31704] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31705 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31705] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31706 needs backporting (fixed from 7.1rc1)
+# CVE-2026-31706 needs backporting (fixed from 7.1)
-# CVE-2026-31707 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-31707] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-31708 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31708] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31709 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31709] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-31710] = "fixed-version: only affects 7.0 onwards"
-# CVE-2026-31711 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31711] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31712 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31712] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-31713] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31714 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31714] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31715 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31715] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-31716 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-31716] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-31717 may need backporting (fixed from 6.7)
+CVE_STATUS[CVE-2026-31717] = "cpe-stable-backport: Backported in 6.6.142"
-# CVE-2026-31718 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-31718] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-31719] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-31720 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31720] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31721 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-31721] = "cpe-stable-backport: Backported in 6.6.135"
# CVE-2026-31722 needs backporting (fixed from 7.0)
@@ -22134,15 +22156,15 @@ CVE_STATUS[CVE-2026-31719] = "fixed-version: only affects 6.15 onwards"
# CVE-2026-31725 needs backporting (fixed from 7.0)
-# CVE-2026-31726 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31726] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31727] = "fixed-version: only affects 6.12.78 onwards"
-# CVE-2026-31728 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31728] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-31729 needs backporting (fixed from 7.0)
-# CVE-2026-31730 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31730] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31731] = "fixed-version: only affects 6.8 onwards"
@@ -22156,15 +22178,15 @@ CVE_STATUS[CVE-2026-31735] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-31736] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-31737 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31737] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31738 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31738] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31739] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-31740 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31740] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31741 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31741] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31742] = "fixed-version: only affects 6.18.20 onwards"
@@ -22176,39 +22198,39 @@ CVE_STATUS[CVE-2026-31745] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-31746] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-31747 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31747] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31748 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31748] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31749 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31749] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31750] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31751 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31751] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31752 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31752] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31753] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31754 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31754] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31755 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31755] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31756 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31756] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31757] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-31758 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31758] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31759 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31759] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31760] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-31761 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31761] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31762 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31762] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31763 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31763] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31764] = "fixed-version: only affects 6.19 onwards"
@@ -22218,17 +22240,17 @@ CVE_STATUS[CVE-2026-31766] = "fixed-version: only affects 6.16 onwards"
# CVE-2026-31767 needs backporting (fixed from 7.0)
-# CVE-2026-31768 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31768] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31769] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-31770 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31770] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-31771 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2026-31772] = "fixed-version: only affects 6.12.2 onwards"
-# CVE-2026-31773 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31773] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31774] = "fixed-version: only affects 6.10 onwards"
@@ -22238,13 +22260,13 @@ CVE_STATUS[CVE-2026-31776] = "fixed-version: only affects 6.19 onwards"
# CVE-2026-31777 needs backporting (fixed from 7.0)
-# CVE-2026-31778 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31778] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31779 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31779] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31780 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31780] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-31781 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-31781] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-31782] = "fixed-version: only affects 6.16 onwards"
@@ -22254,11 +22276,11 @@ CVE_STATUS[CVE-2026-31784] = "fixed-version: only affects 6.17 onwards"
CVE_STATUS[CVE-2026-31785] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-31786 may need backporting (fixed from 6.6.137)
+CVE_STATUS[CVE-2026-31786] = "cpe-stable-backport: Backported in 6.6.137"
-# CVE-2026-31787 may need backporting (fixed from 6.6.137)
+CVE_STATUS[CVE-2026-31787] = "cpe-stable-backport: Backported in 6.6.137"
-# CVE-2026-31788 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43004] = "fixed-version: only affects 6.15 onwards"
@@ -22266,181 +22288,181 @@ CVE_STATUS[CVE-2026-43005] = "fixed-version: only affects 6.17 onwards"
CVE_STATUS[CVE-2026-43006] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43007 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43007] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43008] = "fixed-version: only affects 6.19 onwards"
# CVE-2026-43009 needs backporting (fixed from 7.0)
-# CVE-2026-43010 needs backporting (fixed from 7.0)
+# CVE-2026-43010 may need backporting (fixed from 6.6.144)
-# CVE-2026-43011 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43011] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43012] = "fixed-version: only affects 6.12.9 onwards"
-# CVE-2026-43013 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43013] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43014 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43014] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43015 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43015] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43016 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43016] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43017 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43017] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43018 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43018] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43019 needs backporting (fixed from 7.0)
+# CVE-2026-43019 may need backporting (fixed from 6.6.143)
-# CVE-2026-43020 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43020] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43021] = "fixed-version: only affects 6.19 onwards"
# CVE-2026-43022 may need backporting (fixed from 6.7)
-# CVE-2026-43023 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43023] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43024 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43024] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43025 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43025] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43026 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43026] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43027 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43027] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43028 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43028] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-43029 may need backporting (fixed from 6.7)
-# CVE-2026-43030 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43030] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43031] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43032 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43032] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43033 may need backporting (fixed from 6.6.137)
+CVE_STATUS[CVE-2026-43033] = "cpe-stable-backport: Backported in 6.6.137"
CVE_STATUS[CVE-2026-43034] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-43035 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43035] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-43036 needs backporting (fixed from 7.0)
-# CVE-2026-43037 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43037] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43038 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43038] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43039] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43040 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43040] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43041 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43041] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-43042 needs backporting (fixed from 7.0)
-# CVE-2026-43043 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43043] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43044 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43044] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43045] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43046 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43046] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43047 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43047] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-43048 needs backporting (fixed from 7.0)
# CVE-2026-43049 needs backporting (fixed from 7.0)
-# CVE-2026-43050 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43050] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43051 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43051] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43052 needs backporting (fixed from 7.0)
+CVE_STATUS[CVE-2026-43052] = "cpe-stable-backport: Backported in 6.6.142"
# CVE-2026-43053 needs backporting (fixed from 7.0)
-# CVE-2026-43054 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43054] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43055] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43056 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43056] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43057 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43057] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43058 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43058] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43059] = "fixed-version: only affects 6.12.59 onwards"
-# CVE-2026-43060 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43060] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43061 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43061] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43062 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43062] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43063] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-43064 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-43064] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-43065 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-43065] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-43066 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-43066] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-43067 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43067] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43068 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-43068] = "cpe-stable-backport: Backported in 6.6.131"
-# CVE-2026-43069 may need backporting (fixed from 6.6.131)
+CVE_STATUS[CVE-2026-43069] = "cpe-stable-backport: Backported in 6.6.131"
CVE_STATUS[CVE-2026-43070] = "fixed-version: only affects 6.18.17 onwards"
-# CVE-2026-43071 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43071] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43072 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43072] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43073 needs backporting (fixed from 7.1rc1)
+# CVE-2026-43073 needs backporting (fixed from 7.1)
-# CVE-2026-43074 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43074] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43075 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43075] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43076 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43076] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43077 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43077] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43078 may need backporting (fixed from 6.6.137)
+CVE_STATUS[CVE-2026-43078] = "cpe-stable-backport: Backported in 6.6.137"
-# CVE-2026-43079 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43079] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43080 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43080] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43081 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43081] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43082 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43082] = "cpe-stable-backport: Backported in 6.6.136"
# CVE-2026-43083 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2026-43084] = "fixed-version: only affects 6.12.75 onwards"
-# CVE-2026-43085 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43085] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43086 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43086] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43087] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43088 needs backporting (fixed from 7.0)
+# CVE-2026-43088 may need backporting (fixed from 6.6.143)
-# CVE-2026-43089 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43089] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43090] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43091 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43091] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43092 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43092] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43093 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43093] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43094 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43094] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43095] = "fixed-version: only affects 6.17 onwards"
@@ -22448,9 +22470,9 @@ CVE_STATUS[CVE-2026-43096] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43097] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43098 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43098] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43099 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43099] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43100] = "fixed-version: only affects 6.18 onwards"
@@ -22458,11 +22480,11 @@ CVE_STATUS[CVE-2026-43100] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-43102] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43103 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43103] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43104 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43104] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43105 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43105] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43106] = "fixed-version: only affects 6.19 onwards"
@@ -22470,37 +22492,35 @@ CVE_STATUS[CVE-2026-43106] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43108] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-43109 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43109] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43110 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43110] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43111 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43111] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43112 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43112] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43113 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43113] = "cpe-stable-backport: Backported in 6.6.136"
-# CVE-2026-43114 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43114] = "cpe-stable-backport: Backported in 6.6.136"
# CVE-2026-43115 needs backporting (fixed from 7.0)
-# CVE-2026-43116 needs backporting (fixed from 7.0)
+# CVE-2026-43116 may need backporting (fixed from 6.6.143)
-# CVE-2026-43117 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43117] = "cpe-stable-backport: Backported in 6.6.136"
# CVE-2026-43118 needs backporting (fixed from 7.0)
# CVE-2026-43119 needs backporting (fixed from 7.0)
-# CVE-2026-43120 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43120] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43121] = "fixed-version: only affects 6.15 onwards"
-CVE_STATUS[CVE-2026-43122] = "fixed-version: only affects 6.18 onwards"
-
-# CVE-2026-43123 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43123] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43124 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43124] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43125 needs backporting (fixed from 7.0)
@@ -22508,55 +22528,55 @@ CVE_STATUS[CVE-2026-43122] = "fixed-version: only affects 6.18 onwards"
# CVE-2026-43127 may need backporting (fixed from 6.7)
-# CVE-2026-43128 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43128] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43129 needs backporting (fixed from 7.0)
+# CVE-2026-43129 may need backporting (fixed from 6.6.143)
-# CVE-2026-43130 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43130] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43131] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43132 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43132] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43133 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43133] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43134 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43134] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43135 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43135] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43136 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43136] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43137 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-43137] = "cpe-stable-backport: Backported in 6.6.141"
CVE_STATUS[CVE-2026-43138] = "fixed-version: only affects 6.9 onwards"
-# CVE-2026-43139 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43139] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43140 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43140] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43141 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43141] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43142] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43143 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43143] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43144] = "fixed-version: only affects 6.13 onwards"
-# CVE-2026-43145 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43145] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43146] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43147 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43147] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43148 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43148] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43149 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43149] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43150 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43150] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43151] = "fixed-version: only affects 6.18.3 onwards"
-# CVE-2026-43152 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43152] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43153 needs backporting (fixed from 7.0)
@@ -22564,21 +22584,21 @@ CVE_STATUS[CVE-2026-43154] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-43155] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43156 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43156] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43157 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43157] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43158 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43158] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43159 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43159] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43160] = "fixed-version: only affects 6.17 onwards"
# CVE-2026-43161 needs backporting (fixed from 7.0)
-# CVE-2026-43162 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43162] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43163 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43163] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43164] = "fixed-version: only affects 6.18 onwards"
@@ -22586,19 +22606,19 @@ CVE_STATUS[CVE-2026-43165] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2026-43166] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43167 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43167] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43168 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43168] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43169] = "fixed-version: only affects 6.7 onwards"
-# CVE-2026-43170 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43170] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43171 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43171] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43172 needs backporting (fixed from 7.0)
-# CVE-2026-43173 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43173] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43174] = "fixed-version: only affects 6.15 onwards"
@@ -22612,27 +22632,27 @@ CVE_STATUS[CVE-2026-43178] = "fixed-version: only affects 6.12.70 onwards"
CVE_STATUS[CVE-2026-43179] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-43180 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43180] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43181] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-43182 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43182] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43183 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43183] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43184 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43184] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43185 needs backporting (fixed from 7.0)
-# CVE-2026-43186 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43186] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43187 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43187] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43188] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43189 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43189] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43190 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43190] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43191] = "fixed-version: only affects 6.7 onwards"
@@ -22640,11 +22660,11 @@ CVE_STATUS[CVE-2026-43192] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43193] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43194 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43194] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43195] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43196 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43196] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43197 needs backporting (fixed from 7.0)
@@ -22652,99 +22672,99 @@ CVE_STATUS[CVE-2026-43195] = "fixed-version: only affects 6.16 onwards"
# CVE-2026-43199 needs backporting (fixed from 7.0)
-# CVE-2026-43200 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43200] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43201] = "fixed-version: only affects 6.12.63 onwards"
-# CVE-2026-43202 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43202] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43203 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43203] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43204 needs backporting (fixed from 7.0)
-# CVE-2026-43205 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43205] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43206 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43206] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43207 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43207] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43208] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43209 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43209] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43210] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43211 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43211] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43212 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43212] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43213 needs backporting (fixed from 7.0)
-# CVE-2026-43214 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43214] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43215 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43215] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43216 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2026-43217] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43218 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43218] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43219 needs backporting (fixed from 7.0)
+# CVE-2026-43219 may need backporting (fixed from 6.6.143)
-CVE_STATUS[CVE-2026-43220] = "fixed-version: only affects 6.6.128 onwards"
+CVE_STATUS[CVE-2026-43220] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43221 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43221] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43222 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43222] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43223 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43223] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43224] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43225 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43225] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43226 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43226] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43227 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43227] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43228] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-43229] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-43230 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43230] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43231 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43231] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43232 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43232] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43233 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43233] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43234 needs backporting (fixed from 7.0)
CVE_STATUS[CVE-2026-43235] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43236 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43236] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43237] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43238 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43238] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43239 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43239] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43240 may need backporting (fixed from 6.6.128)
+# CVE-2026-43240 may need backporting (fixed from 6.6.143)
-# CVE-2026-43241 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43241] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43242 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43242] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43243] = "fixed-version: only affects 6.11 onwards"
# CVE-2026-43244 needs backporting (fixed from 7.0)
-# CVE-2026-43245 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-43245] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-43246 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43246] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43247] = "fixed-version: only affects 6.13 onwards"
@@ -22754,19 +22774,19 @@ CVE_STATUS[CVE-2026-43247] = "fixed-version: only affects 6.13 onwards"
# CVE-2026-43250 needs backporting (fixed from 7.0)
-# CVE-2026-43251 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43251] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43252 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43252] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43253 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43253] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43254] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43255 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43255] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43256 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43256] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43257 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43257] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43258 needs backporting (fixed from 7.0)
@@ -22774,67 +22794,67 @@ CVE_STATUS[CVE-2026-43259] = "fixed-version: only affects 6.15 onwards"
CVE_STATUS[CVE-2026-43260] = "fixed-version: only affects 6.11 onwards"
-# CVE-2026-43261 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43261] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43262 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43262] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43263] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-43264 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43264] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43265 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43265] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43266 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43266] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43267] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43268 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43268] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43269 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43269] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43270 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43270] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43271 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43271] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43272] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43273 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43273] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43274] = "fixed-version: only affects 6.14 onwards"
-# CVE-2026-43275 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43275] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43276] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43277 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43277] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43278 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43278] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43279 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43279] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43280] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43281 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43281] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43282] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43283 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43283] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43284 may need backporting (fixed from 6.6.138)
+CVE_STATUS[CVE-2026-43284] = "cpe-stable-backport: Backported in 6.6.138"
CVE_STATUS[CVE-2026-43285] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-43286] = "fixed-version: only affects 6.14.8 onwards"
-# CVE-2026-43287 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43287] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43288 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43288] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43289 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43289] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43290] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-43291 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43291] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43292] = "fixed-version: only affects 6.9 onwards"
@@ -22842,9 +22862,9 @@ CVE_STATUS[CVE-2026-43293] = "fixed-version: only affects 6.10 onwards"
# CVE-2026-43294 needs backporting (fixed from 7.0)
-# CVE-2026-43295 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43295] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43296 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43296] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43297] = "fixed-version: only affects 6.8 onwards"
@@ -22856,11 +22876,11 @@ CVE_STATUS[CVE-2026-43300] = "fixed-version: only affects 6.7 onwards"
CVE_STATUS[CVE-2026-43301] = "fixed-version: only affects 6.8 onwards"
-# CVE-2026-43302 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43302] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43303 needs backporting (fixed from 7.0)
+# CVE-2026-43303 may need backporting (fixed from 6.6.143)
-# CVE-2026-43304 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43304] = "cpe-stable-backport: Backported in 6.6.128"
CVE_STATUS[CVE-2026-43305] = "fixed-version: only affects 6.19 onwards"
@@ -22874,23 +22894,23 @@ CVE_STATUS[CVE-2026-43307] = "fixed-version: only affects 6.12 onwards"
# CVE-2026-43310 needs backporting (fixed from 7.0)
-# CVE-2026-43311 needs backporting (fixed from 7.0)
+# CVE-2026-43311 may need backporting (fixed from 6.6.143)
-# CVE-2026-43312 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43312] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43313 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43313] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43314 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43314] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43315 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43315] = "cpe-stable-backport: Backported in 6.6.128"
-# CVE-2026-43316 may need backporting (fixed from 6.6.128)
+CVE_STATUS[CVE-2026-43316] = "cpe-stable-backport: Backported in 6.6.128"
# CVE-2026-43317 needs backporting (fixed from 7.0)
# CVE-2026-43318 needs backporting (fixed from 7.0)
-# CVE-2026-43319 needs backporting (fixed from 7.0)
+CVE_STATUS[CVE-2026-43319] = "cpe-stable-backport: Backported in 6.6.142"
CVE_STATUS[CVE-2026-43320] = "fixed-version: only affects 6.10.13 onwards"
@@ -22900,49 +22920,49 @@ CVE_STATUS[CVE-2026-43322] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43323] = "fixed-version: only affects 6.12.78 onwards"
-# CVE-2026-43324 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43324] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43325] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-43326] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43327 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43327] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43328 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43328] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43329 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43329] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43330 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43330] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43331 needs backporting (fixed from 7.0)
+# CVE-2026-43331 may need backporting (fixed from 6.6.143)
-# CVE-2026-43332 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43332] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43333 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43333] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43334 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43334] = "cpe-stable-backport: Backported in 6.6.134"
CVE_STATUS[CVE-2026-43335] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43336 may need backporting (fixed from 6.6.135)
+CVE_STATUS[CVE-2026-43336] = "cpe-stable-backport: Backported in 6.6.135"
CVE_STATUS[CVE-2026-43337] = "fixed-version: only affects 6.11.3 onwards"
# CVE-2026-43338 needs backporting (fixed from 7.0)
-# CVE-2026-43339 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43339] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43340 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43340] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43341 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43341] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43342 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43342] = "cpe-stable-backport: Backported in 6.6.134"
-# CVE-2026-43343 may need backporting (fixed from 6.6.134)
+CVE_STATUS[CVE-2026-43343] = "cpe-stable-backport: Backported in 6.6.134"
# CVE-2026-43344 needs backporting (fixed from 7.0)
-# CVE-2026-43345 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43345] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43346] = "fixed-version: only affects 6.12.11 onwards"
@@ -22952,7 +22972,7 @@ CVE_STATUS[CVE-2026-43348] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43349] = "fixed-version: only affects 6.18.13 onwards"
-# CVE-2026-43350 may need backporting (fixed from 6.6.136)
+CVE_STATUS[CVE-2026-43350] = "cpe-stable-backport: Backported in 6.6.136"
CVE_STATUS[CVE-2026-43351] = "fixed-version: only affects 6.14 onwards"
@@ -22962,71 +22982,71 @@ CVE_STATUS[CVE-2026-43351] = "fixed-version: only affects 6.14 onwards"
CVE_STATUS[CVE-2026-43354] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43355 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43355] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43356] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43357 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43357] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43358] = "fixed-version: only affects 6.16.4 onwards"
-# CVE-2026-43359 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43359] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43360 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43360] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43361 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43361] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43362 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43362] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43363 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43363] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43364] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43365 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43365] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43366 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43366] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43367] = "fixed-version: only affects 6.18.16 onwards"
-# CVE-2026-43368 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43368] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43369] = "fixed-version: only affects 6.18.16 onwards"
-# CVE-2026-43370 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43370] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43371 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43371] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43372 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43372] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43373 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43373] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43374] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-43375] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43376 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43376] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43377 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43377] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43378 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43378] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43379 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43379] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43380 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43380] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43381 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43381] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43382 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43382] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43383 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43383] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43384] = "fixed-version: only affects 6.7 onwards"
CVE_STATUS[CVE-2026-43385] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43386 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43386] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43387 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43387] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43388] = "fixed-version: only affects 6.14 onwards"
@@ -23046,7 +23066,7 @@ CVE_STATUS[CVE-2026-43395] = "fixed-version: only affects 6.8 onwards"
CVE_STATUS[CVE-2026-43396] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43397 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43397] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43398] = "fixed-version: only affects 6.16 onwards"
@@ -23062,27 +23082,27 @@ CVE_STATUS[CVE-2026-43403] = "fixed-version: only affects 6.12 onwards"
CVE_STATUS[CVE-2026-43404] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43405 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43405] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43406 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43406] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43407 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43407] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43408] = "fixed-version: only affects 6.12.48 onwards"
-# CVE-2026-43409 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43409] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43410] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43411 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43411] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43412 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43412] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43413 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43413] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-43414 may need backporting (fixed from 6.7)
-# CVE-2026-43415 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43415] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-43416 needs backporting (fixed from 7.0)
@@ -23090,33 +23110,29 @@ CVE_STATUS[CVE-2026-43417] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43418] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43419 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43419] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43420 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43420] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43421 needs backporting (fixed from 7.0)
+# CVE-2026-43421 may need backporting (fixed from 6.6.143)
-CVE_STATUS[CVE-2026-43422] = "fixed-version: only affects 6.18.17 onwards"
+CVE_STATUS[CVE-2026-43424] = "cpe-stable-backport: Backported in 6.6.130"
-CVE_STATUS[CVE-2026-43423] = "fixed-version: only affects 6.18.17 onwards"
+CVE_STATUS[CVE-2026-43425] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43424 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43426] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43425 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43427] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43426 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43428] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43427 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43429] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43428 may need backporting (fixed from 6.6.130)
-
-# CVE-2026-43429 may need backporting (fixed from 6.6.130)
-
-# CVE-2026-43430 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43430] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43431] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43432 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43432] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43433] = "fixed-version: only affects 6.18 onwards"
@@ -23124,17 +23140,17 @@ CVE_STATUS[CVE-2026-43434] = "fixed-version: only affects 6.18 onwards"
CVE_STATUS[CVE-2026-43435] = "fixed-version: only affects 6.18 onwards"
-# CVE-2026-43436 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43436] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43437 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43437] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43438] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43439 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43439] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43440] = "fixed-version: only affects 6.18.16 onwards"
-# CVE-2026-43441 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43441] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43442] = "fixed-version: only affects 6.19 onwards"
@@ -23142,35 +23158,35 @@ CVE_STATUS[CVE-2026-43442] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43444] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43445 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43445] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43446] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43447] = "fixed-version: only affects 6.15 onwards"
-# CVE-2026-43448 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43448] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43449 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43449] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43450 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43450] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43451 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43451] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43452 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43452] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43453 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43453] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43454] = "fixed-version: only affects 6.16 onwards"
-# CVE-2026-43455 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43455] = "cpe-stable-backport: Backported in 6.6.130"
# CVE-2026-43456 needs backporting (fixed from 7.0)
-# CVE-2026-43457 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43457] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43458 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43458] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43459 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43459] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43460] = "fixed-version: only affects 6.14 onwards"
@@ -23184,27 +23200,27 @@ CVE_STATUS[CVE-2026-43463] = "fixed-version: only affects 6.7.3 onwards"
# CVE-2026-43465 may need backporting (fixed from 6.7)
-# CVE-2026-43466 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43466] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43467] = "fixed-version: only affects 6.12.56 onwards"
-# CVE-2026-43468 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43468] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43469 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43469] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43470] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-43471 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43471] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43472 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43472] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43473 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43473] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43474] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-43475 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43475] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43476 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43476] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43477] = "fixed-version: only affects 6.16 onwards"
@@ -23212,15 +23228,15 @@ CVE_STATUS[CVE-2026-43478] = "fixed-version: only affects 6.19 onwards"
CVE_STATUS[CVE-2026-43479] = "fixed-version: only affects 6.17 onwards"
-# CVE-2026-43480 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43480] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43481] = "fixed-version: only affects 6.13 onwards"
CVE_STATUS[CVE-2026-43482] = "fixed-version: only affects 6.12 onwards"
-# CVE-2026-43483 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43483] = "cpe-stable-backport: Backported in 6.6.130"
-# CVE-2026-43484 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43484] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43485] = "fixed-version: only affects 6.7 onwards"
@@ -23228,45 +23244,1947 @@ CVE_STATUS[CVE-2026-43486] = "fixed-version: only affects 6.9 onwards"
CVE_STATUS[CVE-2026-43487] = "fixed-version: only affects 6.9 onwards"
-# CVE-2026-43488 may need backporting (fixed from 6.6.130)
+CVE_STATUS[CVE-2026-43488] = "cpe-stable-backport: Backported in 6.6.130"
CVE_STATUS[CVE-2026-43489] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43490 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-43490] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-43491 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43491] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43492 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43492] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43493 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43493] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43494 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-43494] = "cpe-stable-backport: Backported in 6.6.141"
-# CVE-2026-43495 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43495] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43496 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43496] = "cpe-stable-backport: Backported in 6.6.140"
-# CVE-2026-43497 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43497] = "cpe-stable-backport: Backported in 6.6.140"
CVE_STATUS[CVE-2026-43498] = "fixed-version: only affects 6.19 onwards"
-# CVE-2026-43499 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-43499] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-43500] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-43501] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-43502] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-43503] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45834] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45835] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45836] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45837] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-45838] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45839] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45840] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45841] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45842] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45843] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45844] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45845] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45846] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-45847] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45848] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45849] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45850 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-45851] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45852] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45853] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-45854] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2026-45855 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45856] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45857] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45858] = "cpe-stable-backport: Backported in 6.6.130"
+
+# CVE-2026-45859 may need backporting (fixed from 6.7)
+
+CVE_STATUS[CVE-2026-45860] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45861 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45862] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45863] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-45864] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45865] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45866] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45867] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45868] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45869] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45870] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45871] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45872] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45873] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45874] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-45875] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45876] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2026-45877 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45878] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45879] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45880] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45881] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45882] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-45883] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45884] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-45885] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45886] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45887] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-45888] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-45889] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45890] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45891] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45892] = "fixed-version: Fixed from version 6.1.168"
+
+# CVE-2026-45893 needs backporting (fixed from 7.0)
+
+# CVE-2026-45894 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45895] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45896] = "fixed-version: only affects 6.17 onwards"
+
+# CVE-2026-45897 may need backporting (fixed from 6.7)
+
+CVE_STATUS[CVE-2026-45898] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-45899] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45900] = "fixed-version: only affects 6.11 onwards"
+
+# CVE-2026-45901 may need backporting (fixed from 6.7)
+
+CVE_STATUS[CVE-2026-45902] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45903] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-45904] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45905] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45906] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45907] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-45908] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45909] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45910] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45911] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45912] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45913] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45914] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45915] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45916] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45917 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45918] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-45919] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45920] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45921] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45922] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-45923] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45924] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45925] = "fixed-version: only affects 6.12.18 onwards"
+
+CVE_STATUS[CVE-2026-45926] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45927] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45928] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-45929] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-45930 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-45931] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2026-45932 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45933] = "fixed-version: only affects 6.11 onwards"
+
+# CVE-2026-45934 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45935] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45936] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45937] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-45938] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-45939] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2026-45940 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45941] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45942] = "cpe-stable-backport: Backported in 6.6.130"
+
+# CVE-2026-45943 needs backporting (fixed from 7.0)
+
+# CVE-2026-45944 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45945] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2026-45946] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45947] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45948] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45949 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45950] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-45951] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-45952] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45953] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45954] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45955] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45956] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45957] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45958] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45959] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-45960] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45961 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45962] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-45963 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-45964] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45965] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45966] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-45967] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45968] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45969] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45970] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45971] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45972] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45973] = "fixed-version: only affects 6.12.2 onwards"
+
+CVE_STATUS[CVE-2026-45974] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45975] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45976] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45977] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-45978] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45979] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45980] = "fixed-version: only affects 6.14.9 onwards"
+
+CVE_STATUS[CVE-2026-45981] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45982] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45983] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45984] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-45985] = "cpe-stable-backport: Backported in 6.6.130"
+
+CVE_STATUS[CVE-2026-45986] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45987] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45988] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45989] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45990] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-45991] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45993] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45994] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45995] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-45996] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45997] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45998] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-45999] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46000] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46001] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-46002] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46003] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46004] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46005] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46006] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46007] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46008] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-46009] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46010] = "fixed-version: only affects 6.16.9 onwards"
+
+CVE_STATUS[CVE-2026-46011] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46012] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46013] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-46014 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46015] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46016] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46017 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46018] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46019] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46020] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46021] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46022] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46023] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46024] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46025] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-46026] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46027] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46028] = "cpe-stable-backport: Backported in 6.6.137"
+
+CVE_STATUS[CVE-2026-46029] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46030] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46031] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46032 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46033] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46034] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46035] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46036] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46037] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46038] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46039] = "fixed-version: only affects 6.16.9 onwards"
+
+CVE_STATUS[CVE-2026-46040] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46041] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46042] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46043] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46044 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46045] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46046] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46047] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46048] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46049] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46050] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46051] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46052] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46053] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46054 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46055] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-46056] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46057] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46058] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46059 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46060] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46061] = "fixed-version: only affects 6.12.31 onwards"
+
+CVE_STATUS[CVE-2026-46062] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46063] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46064] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46065] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46066 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46067] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46068] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46069] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46070] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46071 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46072] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46073] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46074] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-46075] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46076 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46077] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46078] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46079] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46080] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46081] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46082] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46083] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46084] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46085] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46086] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46087] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46088] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46089] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46090 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46091] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46092 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46093] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-46094] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46095] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46096] = "fixed-version: only affects 6.18.3 onwards"
+
+CVE_STATUS[CVE-2026-46097] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46098] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46099] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46100] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46101] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46102] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46103] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46104] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2026-46105] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46106] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46107] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46108] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46109] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46110] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46111] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46112] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46113] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46114] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46115] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46116] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46117] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-46118] = "fixed-version: only affects 6.18.32 onwards"
+
+CVE_STATUS[CVE-2026-46119] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46120] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46121] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46122] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46123] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46124] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46125] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46126] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-46127] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46128] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46129] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46130 may need backporting (fixed from 6.7)
+
+CVE_STATUS[CVE-2026-46131] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46132] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46133] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46134] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2026-46135 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46136] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46137] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46138] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46139] = "fixed-version: only affects 6.12.23 onwards"
+
+# CVE-2026-46140 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46141] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46142] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46143] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46144] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46145] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46146] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46147 needs backporting (fixed from 7.1)
+
+# CVE-2026-46148 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46149] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46150] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46151] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46152] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46153 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46154] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46155] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46156] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46157 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46158] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-46159] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46160] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46161] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46162] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-46163] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46164] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46165] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46166] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-46167] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46168] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46169] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46170] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-46171 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46172] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46173] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46174] = "cpe-stable-backport: Backported in 6.6.139"
+
+# CVE-2026-46175 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46176] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46177] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46178] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46179] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46180] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46181 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46182] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46183] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46184] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46185] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46186] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46187] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46188] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-46189] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46190] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46191] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46192] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46193] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46194] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46195] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46196] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46197] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46198] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46199] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46200 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46201] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-46202] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46203] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46204] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46205] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46206] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46207] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46208] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46209] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46210] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46211] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-46212] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46213] = "fixed-version: only affects 6.15.6 onwards"
+
+CVE_STATUS[CVE-2026-46214] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46215] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46216] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46218] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46219] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46220] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46221] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46222] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46223] = "fixed-version: only affects 6.19.12 onwards"
+
+CVE_STATUS[CVE-2026-46224] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46225] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46226] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46227] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46228] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-46229] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46230] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46231] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46232] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46233] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46234] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46235] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46236] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46238] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46239] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-46240] = "fixed-version: only affects 6.18.16 onwards"
+
+# CVE-2026-46241 needs backporting (fixed from 7.1)
+
+# CVE-2026-46242 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46243] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-46244] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-46245 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-46246] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46247] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46248] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46249] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46250] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46251] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-46252 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46253] = "cpe-stable-backport: Backported in 6.6.128"
+
+# CVE-2026-46254 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-46255] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46256] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-46257] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46258] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46259] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46260] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46261] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46262] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46263] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-46264] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46265] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46266] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46267] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46268] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46269] = "fixed-version: only affects 6.15.10 onwards"
+
+CVE_STATUS[CVE-2026-46270] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46271] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-46272 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-46273] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46274] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46275] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-46276] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46277] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46278] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-46279] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46280] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46281] = "fixed-version: only affects 6.18 onwards"
+
+# CVE-2026-46282 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46283] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46284] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46285] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46286] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46287] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46288] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-46289] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46290] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-46291] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46292] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46293] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46294] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46295] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46296] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46297] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46298] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46299] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46300] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-46301] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-46302 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46303] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46304] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46305] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-46306] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46307] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46308] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46309] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-46310] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-46311] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-46312] = "cpe-stable-backport: Backported in 6.6.140"
+
+CVE_STATUS[CVE-2026-46313] = "fixed-version: only affects 6.10 onwards"
+
+# CVE-2026-46314 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-46315] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-46316] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-46317] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-46318] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-46319] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-46320 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-46321 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-46322 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-46323] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-46324 needs backporting (fixed from 7.1)
+
+# CVE-2026-46325 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-46326] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-46327] = "fixed-version: only affects 6.12.34 onwards"
+
+CVE_STATUS[CVE-2026-46328] = "cpe-stable-backport: Backported in 6.6.128"
+
+CVE_STATUS[CVE-2026-46329] = "fixed-version: only affects 6.12 onwards"
+
+# CVE-2026-46330 needs backporting (fixed from 7.0)
+
+# CVE-2026-46331 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-46332] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-46333] = "cpe-stable-backport: Backported in 6.6.139"
+
+CVE_STATUS[CVE-2026-52904] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-52905] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-52906] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-52907] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-52908 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52909 may need backporting (fixed from 6.6.144)
+
+# CVE-2026-52910 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52911] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52912] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-52913 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52914] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52915] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52916] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-52917 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52918] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52919] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52920] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52921] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52922] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-52923 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52924 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52925] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52926] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-52927 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52928 may need backporting (fixed from 6.6.144)
+
+# CVE-2026-52929 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52930 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52931] = "cpe-stable-backport: Backported in 6.6.142"
+
+CVE_STATUS[CVE-2026-52932] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-52933] = "cpe-stable-backport: Backported in 6.6.140"
+
+# CVE-2026-52934 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52935 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52936] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-52937 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52938] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-52939 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52940] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-52941] = "cpe-stable-backport: Backported in 6.6.142"
+
+# CVE-2026-52942 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52943 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52944 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52945] = "fixed-version: only affects 6.15.3 onwards"
+
+# CVE-2026-52946 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52947 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-52948 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-52949] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-52950] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-52951] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-52952] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-52953 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52954] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52955] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-52956 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52957] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52958] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52959] = "fixed-version: only affects 6.13.8 onwards"
+
+CVE_STATUS[CVE-2026-52960] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2026-52961 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52962] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52963] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52964] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52965] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2026-52966] = "fixed-version: only affects 6.18.32 onwards"
+
+CVE_STATUS[CVE-2026-52967] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52968] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52969] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52970] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52971] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-52972] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52973] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-52974] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52975] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52976] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-52977] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52978] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-52979] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-52980] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-52981] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52982] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52983] = "fixed-version: only affects 6.12.91 onwards"
+
+CVE_STATUS[CVE-2026-52984] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52985] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52986] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52987] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-52988 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52989] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-52990 needs backporting (fixed from 7.1)
+
+# CVE-2026-52991 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-52992] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52993] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52994] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-52995] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52996] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52997] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-52998] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-52999] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53000 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53001] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53002] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53003] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53004] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53005 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53006] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53007] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-53008] = "fixed-version: only affects 6.18 onwards"
+
+# CVE-2026-53009 needs backporting (fixed from 7.1)
+
+# CVE-2026-53010 may need backporting (fixed from 6.7)
+
+CVE_STATUS[CVE-2026-53011] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53012] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53013] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53014] = "fixed-version: only affects 6.8 onwards"
+
+# CVE-2026-53015 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53016] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53017 needs backporting (fixed from 7.1)
+
+# CVE-2026-53018 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53019] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-53020] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53021] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53022] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53023] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53024 needs backporting (fixed from 7.1)
+
+# CVE-2026-53025 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53026] = "fixed-version: only affects 6.18.4 onwards"
+
+# CVE-2026-53027 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53028] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-53029] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-53030] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53031] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-53032] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53033] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53034] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53035] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53036] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53037] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53038] = "fixed-version: only affects 6.10 onwards"
+
+CVE_STATUS[CVE-2026-53039] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53040] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53041] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53042] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53043] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53044] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53045] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53046] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53047] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53048] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53049] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53050] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53051] = "fixed-version: only affects 6.12.2 onwards"
+
+CVE_STATUS[CVE-2026-53052] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53053 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53054] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53055] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53056] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53057] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2026-53058] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53059] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53060] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53061] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53062] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53063] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53064] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53065] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53066] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53067] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53068] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53069] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53070 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53071] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53072] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53073] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53074] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53075] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53076] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53077] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53078 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53079] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53080 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53081] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53082] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53083] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53084] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-53085] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-53086] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53087] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53088] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53089 needs backporting (fixed from 7.1)
+
+# CVE-2026-53090 needs backporting (fixed from 7.1)
+
+# CVE-2026-53091 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53092] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53093] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53094] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53095] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-53096] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53097 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53098] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53099] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-53100] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-53101] = "fixed-version: only affects 6.9 onwards"
+
+# CVE-2026-53102 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53103] = "fixed-version: only affects 6.11.2 onwards"
+
+CVE_STATUS[CVE-2026-53104] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-53105] = "fixed-version: only affects 6.11 onwards"
+
+# CVE-2026-53106 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53107] = "fixed-version: only affects 6.18.16 onwards"
+
+# CVE-2026-53108 needs backporting (fixed from 7.1)
+
+# CVE-2026-53109 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53110] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53111] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53112] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53113 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53114] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2026-53115 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53116] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53117] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53118 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53119] = "fixed-version: only affects 6.11 onwards"
+
+# CVE-2026-53120 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53121] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2026-53122 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53123] = "fixed-version: only affects 6.7 onwards"
+
+CVE_STATUS[CVE-2026-53124] = "fixed-version: only affects 6.14.6 onwards"
+
+CVE_STATUS[CVE-2026-53125] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53126] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53127] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53128] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53129 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53130] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53131 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53132 needs backporting (fixed from 7.1)
+
+# CVE-2026-53133 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53134 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53135 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53136 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53137 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53138 may need backporting (fixed from 6.6.144)
+
+# CVE-2026-53139 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-53140] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-53141] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-53142] = "fixed-version: only affects 6.8 onwards"
+
+# CVE-2026-53143 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53144 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53145] = "fixed-version: only affects 6.18.32 onwards"
+
+# CVE-2026-53146 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53147 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53148 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53149 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53150 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53151 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-53152] = "fixed-version: only affects 6.12.78 onwards"
+
+CVE_STATUS[CVE-2026-53153] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2026-53154 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53155] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53156 needs backporting (fixed from 7.1)
+
+# CVE-2026-53157 may need backporting (fixed from 6.6.144)
+
+# CVE-2026-53158 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53159 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53160 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53161 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53162] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-53163 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-53164] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-53165] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-53166 may need backporting (fixed from 6.7)
+
+# CVE-2026-53167 may need backporting (fixed from 6.6.144)
+
+# CVE-2026-53168 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53169] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53170] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53171] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53172] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53173] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53174] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53175] = "fixed-version: only affects 6.12.93 onwards"
+
+# CVE-2026-53176 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53177 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53178 needs backporting (fixed from 7.1)
+
+# CVE-2026-53179 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53180] = "fixed-version: only affects 6.9 onwards"
+
+# CVE-2026-53181 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53182 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53183 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53184 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53185 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53186 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53187] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53188] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2026-53189 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53190 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53191] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53192] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53193] = "fixed-version: only affects 6.12 onwards"
+
+# CVE-2026-53194 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53195 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53196 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53197] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2026-53198 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53199 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53200] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53201] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-53202] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-53203] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53204] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53205] = "fixed-version: only affects 6.12.30 onwards"
+
+CVE_STATUS[CVE-2026-53206] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53207 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53208 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53209 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53210] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-53211] = "fixed-version: only affects 6.18 onwards"
+
+# CVE-2026-53212 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53213 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53214 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53215 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53216 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53217 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53218 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53219 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53220 needs backporting (fixed from 7.1)
+
+# CVE-2026-53221 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53222] = "fixed-version: only affects 6.18 onwards"
+
+# CVE-2026-53223 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53224 needs backporting (fixed from 7.1)
+
+# CVE-2026-53225 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53226 needs backporting (fixed from 7.1)
+
+# CVE-2026-53227 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53228 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53229 needs backporting (fixed from 7.1)
+
+# CVE-2026-53230 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53231] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-53232 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53233] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53234] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53235] = "fixed-version: only affects 6.10 onwards"
+
+# CVE-2026-53236 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53237 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53238 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53239 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53240] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-53241] = "fixed-version: only affects 6.10 onwards"
+
+# CVE-2026-53242 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53243] = "fixed-version: only affects 7.0.10 onwards"
+
+CVE_STATUS[CVE-2026-53244] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-53245 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53246 needs backporting (fixed from 7.1)
+
+# CVE-2026-53247 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53248] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2026-53249 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53250] = "fixed-version: only affects 6.8 onwards"
+
+CVE_STATUS[CVE-2026-53251] = "fixed-version: only affects 6.12.2 onwards"
+
+# CVE-2026-53252 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53253 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53254 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53255 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53256 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53257] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-53258 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53259] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53260] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53261] = "fixed-version: only affects 6.7 onwards"
+
+# CVE-2026-53262 needs backporting (fixed from 7.1)
+
+# CVE-2026-53263 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53264 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53265 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53266 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53267 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53268 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53269 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53270 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53271 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53272 needs backporting (fixed from 7.1)
+
+# CVE-2026-53273 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53274 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53275 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53276] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53277] = "fixed-version: only affects 6.12 onwards"
+
+CVE_STATUS[CVE-2026-53278] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53279] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53280] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-53281] = "fixed-version: only affects 6.12.57 onwards"
+
+CVE_STATUS[CVE-2026-53282] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-53283] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-53284 needs backporting (fixed from 7.1)
+
+# CVE-2026-53285 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53286] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53287] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53288] = "fixed-version: only affects 6.12.54 onwards"
+
+CVE_STATUS[CVE-2026-53289] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53290] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53291] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53292 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53293] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53294] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53295] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53296] = "cpe-stable-backport: Backported in 6.6.141"
+
+# CVE-2026-53297 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53298] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53299] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53300] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-53301] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2026-53302] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53303] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53304] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53305] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53306] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53307] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53308] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53309] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53310] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-53311] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-53312] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2026-53313 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53314] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53315] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53316] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53317 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53318] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53319] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-53320] = "cpe-stable-backport: Backported in 6.6.141"
+
+CVE_STATUS[CVE-2026-53321] = "fixed-version: only affects 6.9 onwards"
+
+CVE_STATUS[CVE-2026-53322] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-53323] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2026-53324] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2026-53325 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-53326] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53327 may need backporting (fixed from 6.6.144)
+
+CVE_STATUS[CVE-2026-53328] = "fixed-version: only affects 6.12 onwards"
+
+# CVE-2026-53329 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53330 needs backporting (fixed from 7.1)
+
+# CVE-2026-53331 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53332 needs backporting (fixed from 7.1)
+
+CVE_STATUS[CVE-2026-53333] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-53334] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-53335] = "fixed-version: only affects 6.18 onwards"
+
+# CVE-2026-53336 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53337 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53338] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-53339 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53340] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2026-53341] = "fixed-version: only affects 6.11 onwards"
+
+CVE_STATUS[CVE-2026-53342] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2026-53343 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53344] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53345 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53346] = "fixed-version: only affects 6.12 onwards"
+
+# CVE-2026-53347 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53348] = "fixed-version: only affects 6.19 onwards"
+
+# CVE-2026-53349 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53350 may need backporting (fixed from 6.6.143)
+
+CVE_STATUS[CVE-2026-53351] = "fixed-version: only affects 7.0 onwards"
+
+# CVE-2026-53352 may need backporting (fixed from 6.6.143)
+
+# CVE-2026-53353 may need backporting (fixed from 6.6.143)
-# CVE-2026-43500 may need backporting (fixed from 6.6.140)
+# CVE-2026-53354 may need backporting (fixed from 6.6.143)
-# CVE-2026-43501 may need backporting (fixed from 6.6.140)
+# CVE-2026-53355 may need backporting (fixed from 6.6.143)
-# CVE-2026-43502 may need backporting (fixed from 6.6.140)
+# CVE-2026-53356 may need backporting (fixed from 6.6.143)
-# CVE-2026-43503 may need backporting (fixed from 6.6.141)
+CVE_STATUS[CVE-2026-53357] = "cpe-stable-backport: Backported in 6.6.142"
-# CVE-2026-45834 may need backporting (fixed from 6.6.140)
+# CVE-2026-53358 may need backporting (fixed from 6.6.143)
-# CVE-2026-45835 may need backporting (fixed from 6.6.140)
+# CVE-2026-53359 may need backporting (fixed from 6.6.144)
-# CVE-2026-45836 may need backporting (fixed from 6.6.140)
+CVE_STATUS[CVE-2026-53360] = "fixed-version: only affects 6.10 onwards"
-# CVE-2026-46300 may need backporting (fixed from 6.6.141)
+# CVE-2026-53361 may need backporting (fixed from 6.6.144)
-# CVE-2026-46333 may need backporting (fixed from 6.6.139)
+# CVE-2026-53362 may need backporting (fixed from 6.6.144)
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142) Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876 Yoann Congal
` (7 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Shubham Pushpkar <spushpka@cisco.com>
This patch applies the upstream fix as referenced in [2], using the commit shown in [1].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a089e0302382f4d4e077941156e1eaa68d01393
[2] https://security-tracker.debian.org/tracker/CVE-2026-6846
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../binutils/binutils-2.42.inc | 1 +
.../binutils/binutils/CVE-2026-6846.patch | 57 +++++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 7e83f72632f..3ed80a82924 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -74,5 +74,6 @@ SRC_URI = "\
file://0030-CVE-2025-11840.patch \
file://CVE-2025-69644-CVE-2025-69647.patch \
file://CVE-2025-69648.patch \
+ file://CVE-2026-6846.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
new file mode 100644
index 00000000000..8eaca87583d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch
@@ -0,0 +1,57 @@
+From 2a340616f7e6591f83e85777d1d1f6108c33f5b8 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 6 Apr 2026 22:58:22 +0930
+Subject: [PATCH] PR 34049 buffer overflow in xcoff_link_add_symbols
+
+The fact that coffcode.h:coff_set_alignment_hook for rs6000 removes
+sections can result in target_index > section_count. Thus any array
+indexed by target_index must not be sized by section_count.
+
+ PR ld/34049
+ * xcofflink.c (xcoff_link_add_symbols): Size reloc_info array
+ using max target_index.
+
+CVE: CVE-2026-6846
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=7a089e0302382f4d4e077941156e1eaa68d01393]
+
+(cherry picked from commit 7a089e0302382f4d4e077941156e1eaa68d01393)
+Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
+---
+ bfd/xcofflink.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c
+index 6ef9abcd8..196967ed0 100644
+--- a/bfd/xcofflink.c
++++ b/bfd/xcofflink.c
+@@ -1300,6 +1300,7 @@ xcoff_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ } *reloc_info = NULL;
+ bfd_size_type amt;
+ unsigned short visibility;
++ unsigned int max_target_index;
+
+ keep_syms = obj_coff_keep_syms (abfd);
+
+@@ -1363,7 +1364,19 @@ xcoff_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
+ order by VMA within a given section, so we handle this by
+ scanning along the relocs as we process the csects. We index
+ into reloc_info using the section target_index. */
+- amt = abfd->section_count + 1;
++ max_target_index = 0;
++ for (o = abfd->section_last; o != NULL; o = o->prev)
++ if (o->target_index != 0)
++ {
++ /* The last section added from the object file will have the
++ highest target_index. See coffgen.c coff_real_object_p and
++ make_a_section_from_file. Sections added by
++ xcoff_link_create_extra_sections will have a zero
++ target_index. */
++ max_target_index = o->target_index;
++ break;
++ }
++ amt = max_target_index + 1;
+ amt *= sizeof (struct reloc_info_struct);
+ reloc_info = bfd_zmalloc (amt);
+ if (reloc_info == NULL)
+--
+2.35.6
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665 Yoann Congal
` (6 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Ashishkumar Parmar <asparmar@cisco.com>
This patch applies the upstream v10.0.8 stable backport for
CVE-2025-14876. The upstream fix commit is referenced in [1],
and the public CVE advisory is referenced in [2]. The individual
backported commit links are recorded in the embedded patch headers
when the fix expands to multiple commits.
[1] https://gitlab.com/qemu-project/qemu/-/commit/e649201bb96ae7e91a69d57392c8907ec085111e
[2] https://access.redhat.com/security/cve/CVE-2025-14876
Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2025-14876_p1.patch | 52 +++++++++++++++++
.../qemu/qemu/CVE-2025-14876_p2.patch | 56 +++++++++++++++++++
3 files changed, 110 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index ff8877e54b7..f973c0a8d1e 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -48,6 +48,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2025-11234-01.patch \
file://CVE-2025-11234-02.patch \
file://CVE-2024-6519.patch \
+ file://CVE-2025-14876_p1.patch \
+ file://CVE-2025-14876_p2.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
new file mode 100644
index 00000000000..1f47ff2ebcc
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch
@@ -0,0 +1,52 @@
+From 96ac1b4f958287776ec2199749beaaad60148a85 Mon Sep 17 00:00:00 2001
+From: zhenwei pi <pizhenwei@tensorfer.com>
+Date: Sun, 21 Dec 2025 10:43:20 +0800
+Subject: [PATCH] hw/virtio/virtio-crypto: verify asym request size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The total lenght of request is limited by cryptodev config, verify it
+to avoid unexpected request from guest.
+
+CVE: CVE-2025-14876
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/e649201bb96ae7e91a69d57392c8907ec085111e]
+
+Fixes: CVE-2025-14876
+Fixes: 0e660a6f90a ("crypto: Introduce RSA algorithm")
+Reported-by: 이재영 <nakamurajames123@gmail.com>
+Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20251221024321.143196-2-zhenwei.pi@linux.dev>
+(cherry picked from commit 91c6438caffc880e999a7312825479685d659b44)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit e649201bb96ae7e91a69d57392c8907ec085111e)
+Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
+---
+ hw/virtio/virtio-crypto.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 4aaced74b..6927f7d1a 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -767,11 +767,18 @@ virtio_crypto_handle_asym_req(VirtIOCrypto *vcrypto,
+ uint32_t len;
+ uint8_t *src = NULL;
+ uint8_t *dst = NULL;
++ uint64_t max_len;
+
+ asym_op_info = g_new0(CryptoDevBackendAsymOpInfo, 1);
+ src_len = ldl_le_p(&req->para.src_data_len);
+ dst_len = ldl_le_p(&req->para.dst_data_len);
+
++ max_len = (uint64_t)src_len + dst_len;
++ if (unlikely(max_len > vcrypto->conf.max_size)) {
++ virtio_error(vdev, "virtio-crypto asym request is too large");
++ goto err;
++ }
++
+ if (src_len > 0) {
+ src = g_malloc0(src_len);
+ len = iov_to_buf(iov, out_num, 0, src, src_len);
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
new file mode 100644
index 00000000000..60432c8ebb9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch
@@ -0,0 +1,56 @@
+From 17f89320724d16437a26a250c82b1649777387f1 Mon Sep 17 00:00:00 2001
+From: zhenwei pi <pizhenwei@tensorfer.com>
+Date: Sun, 21 Dec 2025 10:43:21 +0800
+Subject: [PATCH] cryptodev-builtin: Limit the maximum size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This backend driver is used for demonstration purposes only, unlimited
+size leads QEMU OOM.
+
+CVE: CVE-2025-14876
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3464e88bc98d72acc3a9674054b9ed0c3d4e9b90]
+
+Fixes: CVE-2025-14876
+Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
+Reported-by: 이재영 <nakamurajames123@gmail.com>
+Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20251221024321.143196-3-zhenwei.pi@linux.dev>
+(cherry picked from commit 7b913094c703641a0442bb1d1165323a019c591c)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit 3464e88bc98d72acc3a9674054b9ed0c3d4e9b90)
+Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
+---
+ backends/cryptodev-builtin.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
+index 940104ee5..a4c544b6d 100644
+--- a/backends/cryptodev-builtin.c
++++ b/backends/cryptodev-builtin.c
+@@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
+
+ #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512
+ #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64
++/* demonstration purposes only, use a limited size to avoid QEMU OOM */
++#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE (1024 * 1024)
+
+ struct CryptoDevBackendBuiltin {
+ CryptoDevBackend parent_obj;
+@@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
+ 1u << QCRYPTODEV_BACKEND_SERVICE_MAC;
+ backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
+ backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
+- /*
+- * Set the Maximum length of crypto request.
+- * Why this value? Just avoid to overflow when
+- * memory allocation for each crypto request.
+- */
+- backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
++ backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
+ backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
+ backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
+ cryptodev_builtin_init_akcipher(backend);
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243 Yoann Congal
` (5 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Ashishkumar Parmar <asparmar@cisco.com>
This patch applies the upstream v10.0.8 stable backport for
CVE-2026-0665. The upstream fix commit is referenced in [1],
and the public CVE advisory is referenced in [2]. The individual
backported commit links are recorded in the embedded patch headers
when the fix expands to multiple commits.
[1] https://gitlab.com/qemu-project/qemu/-/commit/4ba877461e6b1a8637b15ff1a8c77ba97639c927
[2] https://access.redhat.com/security/cve/CVE-2026-0665
Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2026-0665.patch | 38 +++++++++++++++++++
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index f973c0a8d1e..73b2f3e6074 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -50,6 +50,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2024-6519.patch \
file://CVE-2025-14876_p1.patch \
file://CVE-2025-14876_p2.patch \
+ file://CVE-2026-0665.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch b/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
new file mode 100644
index 00000000000..9264ba38cc6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch
@@ -0,0 +1,38 @@
+From 91e98ce0a879010ef5b5ab5778cc71c0e9e92a57 Mon Sep 17 00:00:00 2001
+From: Vulnerability Report <vr@darknavy.com>
+Date: Fri, 9 Jan 2026 10:35:48 +0800
+Subject: [PATCH] hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq()
+
+Reject pirq == s->nr_pirqs in xen_physdev_map_pirq().
+
+CVE: CVE-2026-0665
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4ba877461e6b1a8637b15ff1a8c77ba97639c927]
+
+Fixes: aa98ee38a5 ("hw/xen: Implement emulated PIRQ hypercall support")
+Fixes: CVE-2026-0665
+Reported-by: DARKNAVY (@DarkNavyOrg) <vr@darknavy.com>
+Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
+Signed-off-by: Vulnerability Report <vr@darknavy.com>
+Link: https://lore.kernel.org/r/13FE03BE60EA78D6+20260109023548.4047-1-vr@darknavy.com
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit c7504ba2a560fd884557f6e5142f03b491aad0c7)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit 4ba877461e6b1a8637b15ff1a8c77ba97639c927)
+Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
+---
+ hw/i386/kvm/xen_evtchn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
+index 02b8cbf8d..5a1ad3782 100644
+--- a/hw/i386/kvm/xen_evtchn.c
++++ b/hw/i386/kvm/xen_evtchn.c
+@@ -1843,7 +1843,7 @@ int xen_physdev_map_pirq(struct physdev_map_pirq *map)
+ return pirq;
+ }
+ map->pirq = pirq;
+- } else if (pirq > s->nr_pirqs) {
++ } else if (pirq >= s->nr_pirqs) {
+ return -EINVAL;
+ } else {
+ /*
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (18 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222 Yoann Congal
` (4 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Ashishkumar Parmar <asparmar@cisco.com>
This patch applies the upstream v10.0.9 stable backport for
CVE-2026-2243. The upstream fix commit is referenced in [1],
and the public CVE advisory is referenced in [2]. The individual
backported commit links are recorded in the embedded patch headers
when the fix expands to multiple commits.
[1] https://gitlab.com/qemu-project/qemu/-/commit/37ff880a1252de304985c7e8493765014012ed2f
[2] https://access.redhat.com/security/cve/CVE-2026-2243
Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2026-2243.patch | 45 +++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 73b2f3e6074..46cc7cb5cb0 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -51,6 +51,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2025-14876_p1.patch \
file://CVE-2025-14876_p2.patch \
file://CVE-2026-0665.patch \
+ file://CVE-2026-2243.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch b/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
new file mode 100644
index 00000000000..f67dae85dc9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch
@@ -0,0 +1,45 @@
+From 8480e4b3718302e7f63efb87e07720f70509c8c7 Mon Sep 17 00:00:00 2001
+From: "Halil Oktay (oblivionsage)" <cookieandcream560@gmail.com>
+Date: Tue, 10 Feb 2026 13:33:25 +0100
+Subject: [PATCH] block/vmdk: fix OOB read in vmdk_read_extent()
+
+Bounds check for marker.size doesn't account for the 12-byte marker
+header, allowing zlib to read past the allocated buffer.
+
+Move the check inside the has_marker block and subtract the marker size.
+
+CVE: CVE-2026-2243
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/37ff880a1252de304985c7e8493765014012ed2f]
+
+Fixes: CVE-2026-2243
+Reported-by: Halil Oktay (oblivionsage) <cookieandcream560@gmail.com>
+Signed-off-by: Halil Oktay (oblivionsage) <cookieandcream560@gmail.com>
+Reviewed-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry picked from commit cfda94eddb6c9c49b66461c950b22845a46a75c9)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+(cherry picked from commit 37ff880a1252de304985c7e8493765014012ed2f)
+Signed-off-by: Ashishkumar Parmar <asparmar@cisco.com>
+---
+ block/vmdk.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/block/vmdk.c b/block/vmdk.c
+index d6971c706..7f63d0947 100644
+--- a/block/vmdk.c
++++ b/block/vmdk.c
+@@ -1949,10 +1949,10 @@ vmdk_read_extent(VmdkExtent *extent, int64_t cluster_offset,
+ marker = (VmdkGrainMarker *)cluster_buf;
+ compressed_data = marker->data;
+ data_len = le32_to_cpu(marker->size);
+- }
+- if (!data_len || data_len > buf_bytes) {
+- ret = -EINVAL;
+- goto out;
++ if (!data_len || data_len > buf_bytes - sizeof(VmdkGrainMarker)) {
++ ret = -EINVAL;
++ goto out;
++ }
+ }
+ ret = uncompress(uncomp_buf, &buf_len, compressed_data, data_len);
+ if (ret != Z_OK) {
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (19 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223 Yoann Congal
` (3 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Anil Dongare <adongare@cisco.com>
This patch applies the upstream fix as referenced in [2], using the commit shown in [1].
[1] https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f
[2] https://security-tracker.debian.org/tracker/CVE-2026-5222
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../rust/files/CVE-2026-5222.patch | 92 +++++++++++++++++++
meta/recipes-devtools/rust/rust-source.inc | 1 +
2 files changed, 93 insertions(+)
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5222.patch
diff --git a/meta/recipes-devtools/rust/files/CVE-2026-5222.patch b/meta/recipes-devtools/rust/files/CVE-2026-5222.patch
new file mode 100644
index 00000000000..50ba608c1c3
--- /dev/null
+++ b/meta/recipes-devtools/rust/files/CVE-2026-5222.patch
@@ -0,0 +1,92 @@
+From c4d63a44234de22dc745231c416b80ed848d997f Mon Sep 17 00:00:00 2001
+From: Arlo Siemsen <arkixml@gmail.com>
+Date: Mon, 25 May 2026 09:49:43 +0200
+Subject: [PATCH] CVE-2026-5222: avoid stripping .git suffix when for non git
+ registries
+
+CVE: CVE-2026-5222
+Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f]
+
+(cherry picked from commit c4d63a44234de22dc745231c416b80ed848d997f)
+Signed-off-by: Anil Dongare <adongare@cisco.com>
+---
+ src/tools/cargo/src/cargo/sources/git/source.rs | 7 +++++++
+ src/tools/cargo/src/cargo/util/canonical_url.rs | 44 +++++++++++++------------
+ 2 files changed, 31 insertions(+), 20 deletions(-)
+
+diff --git a/src/tools/cargo/src/cargo/sources/git/source.rs b/src/tools/cargo/src/cargo/sources/git/source.rs
+index a75c1ec..1c8dbc8 100644
+--- a/src/tools/cargo/src/cargo/sources/git/source.rs
++++ b/src/tools/cargo/src/cargo/sources/git/source.rs
+@@ -377,6 +377,13 @@ mod test {
+ assert_eq!(ident1, ident2);
+ }
+
++ #[test]
++ fn test_canonicalize_idents_does_not_strip_dot_git_for_sparse() {
++ let ident1 = ident(&src("sparse+https://crates.io/fake-registry"));
++ let ident2 = ident(&src("sparse+https://crates.io/fake-registry.git"));
++ assert_ne!(ident1, ident2);
++ }
++
+ fn src(s: &str) -> SourceId {
+ SourceId::for_git(&s.into_url().unwrap(), GitReference::DefaultBranch).unwrap()
+ }
+diff --git a/src/tools/cargo/src/cargo/util/canonical_url.rs b/src/tools/cargo/src/cargo/util/canonical_url.rs
+index 7516e03..2716d2d 100644
+--- a/src/tools/cargo/src/cargo/util/canonical_url.rs
++++ b/src/tools/cargo/src/cargo/util/canonical_url.rs
+@@ -33,27 +33,31 @@ impl CanonicalUrl {
+ url.path_segments_mut().unwrap().pop_if_empty();
+ }
+
+- // For GitHub URLs specifically, just lower-case everything. GitHub
+- // treats both the same, but they hash differently, and we're gonna be
+- // hashing them. This wants a more general solution, and also we're
+- // almost certainly not using the same case conversion rules that GitHub
+- // does. (See issue #84)
+- if url.host_str() == Some("github.com") {
+- url = format!("https{}", &url[url::Position::AfterScheme..])
+- .parse()
+- .unwrap();
+- let path = url.path().to_lowercase();
+- url.set_path(&path);
+- }
++ // Perform further canonicalization specific to git registries, which
++ // do not contain a `+` specifier.
++ if !url.scheme().contains('+') {
++ // For GitHub URLs specifically, just lower-case everything. GitHub
++ // treats both the same, but they hash differently, and we're gonna be
++ // hashing them. This wants a more general solution, and also we're
++ // almost certainly not using the same case conversion rules that GitHub
++ // does. (See issue #84)
++ if url.host_str() == Some("github.com") {
++ url = format!("https{}", &url[url::Position::AfterScheme..])
++ .parse()
++ .unwrap();
++ let path = url.path().to_lowercase();
++ url.set_path(&path);
++ }
+
+- // Repos can generally be accessed with or without `.git` extension.
+- let needs_chopping = url.path().ends_with(".git");
+- if needs_chopping {
+- let last = {
+- let last = url.path_segments().unwrap().next_back().unwrap();
+- last[..last.len() - 4].to_owned()
+- };
+- url.path_segments_mut().unwrap().pop().push(&last);
++ // Repos can generally be accessed with or without `.git` extension.
++ let needs_chopping = url.path().ends_with(".git");
++ if needs_chopping {
++ let last = {
++ let last = url.path_segments().unwrap().next_back().unwrap();
++ last[..last.len() - 4].to_owned()
++ };
++ url.path_segments_mut().unwrap().pop().push(&last);
++ }
+ }
+
+ Ok(CanonicalUrl(url))
+--
+2.44.4
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index 318c7f0e293..1ba82a8657f 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -13,6 +13,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
file://0001-Handle-vendored-sources-when-remapping-paths.patch;patchdir=${RUSTSRC} \
file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \
file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \
+ file://CVE-2026-5222.patch;patchdir=${RUSTSRC} \
"
SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (20 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414 Yoann Congal
` (2 subsequent siblings)
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Anil Dongare <adongare@cisco.com>
This patch applies the upstream fix as referenced in [2], using the commit shown in [1].
[1] https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577
[2] https://security-tracker.debian.org/tracker/CVE-2026-5223
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../rust/files/CVE-2026-5223.patch | 114 ++++++++++++++++++
meta/recipes-devtools/rust/rust-source.inc | 1 +
2 files changed, 115 insertions(+)
create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5223.patch
diff --git a/meta/recipes-devtools/rust/files/CVE-2026-5223.patch b/meta/recipes-devtools/rust/files/CVE-2026-5223.patch
new file mode 100644
index 00000000000..5171d02dda9
--- /dev/null
+++ b/meta/recipes-devtools/rust/files/CVE-2026-5223.patch
@@ -0,0 +1,114 @@
+From 285cebf58911eca5b7f177f5d0b1c53e1f646577 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Mon, 30 Mar 2026 10:35:55 -0700
+Subject: [PATCH] CVE-2026-5223: prohibit unpacking symlinks and other
+ unexpected entries
+
+Cargo has historically not allowed creating .crate packages containing
+symlinks. (It packages the symlink target in place of the symlink,
+instead.) So, any package containing a symlink would have to be
+hand-constructed. Such packages are also not allowed on crates.io, so it
+could only come from an alternate registry.
+
+Rather than dealing with symlink traversal attacks when unpacking a
+crate, just prohibit symlinks entirely.
+
+In the process, also prohibit other kinds of unusual entries. As an
+exception, allow character devices but warn about them, because some
+exist in crates on crates.io.
+
+CVE: CVE-2026-5223
+Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577]
+
+Backport Changes:
+- Adapted to Cargo 0.76.0 in Rust 1.75.0, where unpack_package() still carries
+ the extraction loop directly and the newer smuggled-symlink regression test
+ is not present.
+
+(cherry picked from commit 285cebf58911eca5b7f177f5d0b1c53e1f646577)
+Signed-off-by: Anil Dongare <adongare@cisco.com>
+---
+ src/tools/cargo/src/cargo/sources/registry/mod.rs | 9 ++++++++-
+ src/tools/cargo/tests/testsuite/registry.rs | 31 ++++++++++++-----------
+ 2 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+index 7ee461e..c97d96d 100644
+--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs
++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs
+@@ -197,7 +197,7 @@ use cargo_util::paths::{self, exclude_from_backups_and_indexing};
+ use flate2::read::GzDecoder;
+ use serde::Deserialize;
+ use serde::Serialize;
+-use tar::Archive;
++use tar::{Archive, EntryType};
+ use tracing::debug;
+
+ use crate::core::dependency::Dependency;
+@@ -636,6 +636,13 @@ impl<'cfg> RegistrySource<'cfg> {
+ prefix
+ )
+ }
++ // Prevent unpacking symlinks and other unexpected entry types.
++ match entry.header().entry_type() {
++ EntryType::Regular | EntryType::Directory => {}
++ t => anyhow::bail!(
++ "invalid tarball downloaded, contains an entry at {entry_path:?} with invalid type {t:?}",
++ ),
++ }
+ // Prevent unpacking the lockfile from the crate itself.
+ if entry_path
+ .file_name()
+diff --git a/src/tools/cargo/tests/testsuite/registry.rs b/src/tools/cargo/tests/testsuite/registry.rs
+index b5dff27..178bfff 100644
+--- a/src/tools/cargo/tests/testsuite/registry.rs
++++ b/src/tools/cargo/tests/testsuite/registry.rs
+@@ -2550,8 +2550,7 @@ fn package_lock_inside_package_is_overwritten() {
+ }
+
+ #[cargo_test]
+-fn package_lock_as_a_symlink_inside_package_is_overwritten() {
+- let registry = registry::init();
++fn package_lock_as_a_symlink_inside_package_is_invalid() {
+ let p = project()
+ .file(
+ "Cargo.toml",
+@@ -2573,21 +2572,23 @@ fn package_lock_as_a_symlink_inside_package_is_overwritten() {
+ .symlink(".cargo-ok", "src/lib.rs")
+ .publish();
+
+- p.cargo("check").run();
++ p.cargo("check")
++ .with_status(101)
++ .with_stderr_data(str![[r#"
++[UPDATING] `dummy-registry` index
++[LOCKING] 1 package to latest compatible version
++[DOWNLOADING] crates ...
++[DOWNLOADED] bar v0.0.1 (registry `dummy-registry`)
++[ERROR] failed to download replaced source registry `crates-io`
+
+- let id = SourceId::for_registry(registry.index_url()).unwrap();
+- let hash = cargo::util::hex::short_hash(&id);
+- let pkg_root = cargo_home()
+- .join("registry")
+- .join("src")
+- .join(format!("-{}", hash))
+- .join("bar-0.0.1");
+- let ok = pkg_root.join(".cargo-ok");
+- let librs = pkg_root.join("src/lib.rs");
++Caused by:
++ failed to unpack package `bar v0.0.1 (registry `dummy-registry`)`
+
+- // Is correctly overwritten and doesn't affect the file linked to
+- assert_eq!(ok.metadata().unwrap().len(), 7);
+- assert_eq!(fs::read_to_string(librs).unwrap(), "pub fn f() {}");
++Caused by:
++ invalid tarball downloaded, contains an entry at "bar-0.0.1/.cargo-ok" with invalid type Symlink
++
++"#]])
++ .run();
+ }
+
+ #[cargo_test]
+--
+2.44.4
diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index 1ba82a8657f..c2abe288899 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -14,6 +14,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n
file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \
file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \
file://CVE-2026-5222.patch;patchdir=${RUSTSRC} \
+ file://CVE-2026-5223.patch;patchdir=${RUSTSRC} \
"
SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (21 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues Yoann Congal
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
The openssh commit fd1c7e131f331942d20f42f31e79912d570081fa fixes 2 CVEs:
CVE-2026-35414 and CVE-2026-35387.
CVE-2026-35414:
| OpenSSH before 10.3 mishandles the authorized_keys principals option
| in uncommon scenarios involving a principals list in conjunction
| with a Certificate Authority that makes certain use of comma
| characters.
The match_principals_option() function is fixed. Before this fix:
When matching an authorized_keys principals="" option against a list of
principals in a certificate, an incorrect algorithm was used that could
allow inappropriate matching in cases where a principal name in the
certificate contains a comma character. Exploitation of the condition
requires an authorized_keys principals="" option that lists more than
one principal *and* a CA that will issue a certificate that encodes more
than one of these principal names separated by a comma (typical CAs
strongly constrain which principal names they will place in a
certificate). This condition only applies to user- trusted CA keys in
authorized_keys, the main certificate authentication path
(TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected.
CVE-2026-35387:
| OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of
| any ECDSA algorithm in PubkeyAcceptedAlgorithms or
| HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA
| algorithms.
The rest of the patch allows to correctly match ECDSA signature algorithms
against algorithm allowlists.
The full explanation can be found on debian repository:
https://salsa.debian.org/ssh-team/openssh/-/commit/ae190b6440b7c599d759527965334eeb49cc75b3
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} | 2 +-
meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/openssh/openssh/{CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} (99%)
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch
similarity index 99%
rename from meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch
rename to meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch
index c4806bd9935..4839d76fa80 100644
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch
@@ -14,7 +14,7 @@ Reported by Christos Papakonstantinou of Cantina and Spearbit.
OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86
-CVE: CVE-2026-35387
+CVE: CVE-2026-35414 CVE-2026-35387
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fd1c7e131f331942d20f42f31e79912d570081fa]
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
---
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index ea158b56b41..4193bc8a5b4 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -35,7 +35,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2025-61985.patch \
file://CVE-2025-61984_CVE-2026-35386.patch \
file://CVE-2026-35385.patch \
- file://CVE-2026-35387.patch \
+ file://CVE-2026-35414-CVE-2026-35387.patch \
file://CVE-2026-35388.patch \
"
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (22 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues Yoann Congal
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Jakub Szczudlo <jakubszczudlo40@gmail.com>
Release notes are here:
https://dev.gnupg.org/T8233.html
Update contains fix for CVE-2026-41989 and because of building error patch need to be
updated to fix compile flags in new version.
Signed-off-by: Jakub Szczudlo <jakubszczudlo40@gmail.com>
[YC: upgrades contains
"mpi/ec-inline: refactor i386 assembly to reduce register usage" which
looks like optimisation but it is actually a fix for a build failure.
See: https://dev.gnupg.org/T6892.html]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ilding-error-with-O2-in-sysroot-path.patch | 64 -------------------
...r-handle-substitution-in-sed-command.patch | 49 ++++++++++++++
...ibgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} | 4 +-
3 files changed, 51 insertions(+), 66 deletions(-)
delete mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch
rename meta/recipes-support/libgcrypt/{libgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} (92%)
diff --git a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
deleted file mode 100644
index dee4969f35e..00000000000
--- a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From b99952adc6ee611641709610d2e4dc90ba9acf37 Mon Sep 17 00:00:00 2001
-From: "simit.ghane" <simit.ghane@lge.com>
-Date: Tue, 7 May 2024 14:09:03 +0530
-Subject: [PATCH] Fix building error with '-O2' in sysroot path
-
-* cipher/Makefile.am (o_flag_munging): Tweak the sed script.
-* random/Makefile.am (o_flag_munging): Ditto.
---
-
-Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0'
-respectively when compiling cipher and random in the filesystem
-paths as well if they happen to contain '-O2' or '-Ofast
-
-If we are cross compiling libgcrypt and sysroot contains such
-characters, we would
-get compile errors because the sysroot path has been modified.
-
-Fix this by adding blank spaces and tabs before the original matching
-pattern in the sed command.
-
-Signed-off-by: simit.ghane <simit.ghane@lge.com>
-
-ChangeLog entries added by wk
-
-Note that there is also the configure option --disable-O-flag-munging;
-see the README.
-
-Upstream-Status: Backport [https://dev.gnupg.org/rCb99952adc6ee611641709610d2e4dc90ba9acf37 https://dev.gnupg.org/rC5afadba008918d651afefb842ae123cc18454c74]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- cipher/Makefile.am | 2 +-
- random/Makefile.am | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/cipher/Makefile.am b/cipher/Makefile.am
-index 2c39586e..a914ed2b 100644
---- a/cipher/Makefile.am
-+++ b/cipher/Makefile.am
-@@ -168,7 +168,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c
-
-
- if ENABLE_O_FLAG_MUNGING
--o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g'
-+o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g'
- else
- o_flag_munging = cat
- endif
-diff --git a/random/Makefile.am b/random/Makefile.am
-index 0c935a05..340df38a 100644
---- a/random/Makefile.am
-+++ b/random/Makefile.am
-@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
-
- # The rndjent module needs to be compiled without optimization. */
- if ENABLE_O_FLAG_MUNGING
--o_flag_munging = sed -e 's/-O\([1-9sgz][1-9sgz]*\)/-O0/g' -e 's/-Ofast/-O0/g'
-+o_flag_munging = sed -e 's/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g'
- else
- o_flag_munging = cat
- endif
---
-2.44.1
-
diff --git a/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch b/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch
new file mode 100644
index 00000000000..35c7527e835
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch
@@ -0,0 +1,49 @@
+From e96df0c82e086bf348753d2d0fa37fa6191b4b14 Mon Sep 17 00:00:00 2001
+From: "simit.ghane" <simit.ghane@lge.com>
+Date: Tue, 11 Jun 2024 07:22:28 +0530
+Subject: [PATCH] random:cipher: handle substitution in sed command
+
+Upstream-Status: Backport [https://github.com/gpg/libgcrypt/commit/e96df0c82e086bf348753d2d0fa37fa6191b4b14]
+
+* cipher/Makefile.am (o_flag_munging): Add 'g' flag for first sed
+expression.
+* random/Makefile.am (o_flag_munging): Likewise.
+--
+
+It was there earlier and accidentally removed from
+Makefile.am of cipher and random
+
+Signed-off-by: simit.ghane <simit.ghane@lge.com>
+[jk: add changelog to commit message]
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+---
+ cipher/Makefile.am | 2 +-
+ random/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cipher/Makefile.am b/cipher/Makefile.am
+index ea9014cc98..149c9f2101 100644
+--- a/cipher/Makefile.am
++++ b/cipher/Makefile.am
+@@ -169,7 +169,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c
+
+
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /' -e 's/[[:blank:]]-Ofast/ -O1 /g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g'
+ else
+ o_flag_munging = cat
+ endif
+diff --git a/random/Makefile.am b/random/Makefile.am
+index c7100ef8b8..a42e430649 100644
+--- a/random/Makefile.am
++++ b/random/Makefile.am
+@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h
+
+ # The rndjent module needs to be compiled without optimization. */
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O0 /' -e 's/[[:blank:]]-Ofast/ -O0 /g'
++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g'
+ else
+ o_flag_munging = cat
+ endif
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb
similarity index 92%
rename from meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
rename to meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb
index 3d49d586bb7..96e3a692b6f 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb
@@ -25,9 +25,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://no-native-gpg-error.patch \
file://no-bench-slope.patch \
file://run-ptest \
- file://0001-Fix-building-error-with-O2-in-sysroot-path.patch \
+ file://0002-random-cipher-handle-substitution-in-sed-command.patch \
"
-SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa"
+SRC_URI[sha256sum] = "d6d2f835a79711ceba54b53d1081d388d24fb0341d79a268a6557e12908a90a0"
BINCONFIG = "${bindir}/libgcrypt-config"
^ permalink raw reply related [flat|nested] 30+ messages in thread
* [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
` (23 preceding siblings ...)
2026-07-09 10:06 ` [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4 Yoann Congal
@ 2026-07-09 10:06 ` Yoann Congal
24 siblings, 0 replies; 30+ messages in thread
From: Yoann Congal @ 2026-07-09 10:06 UTC (permalink / raw)
To: openembedded-core
From: Paul Barker <paul@pbarker.dev>
When moving the updated CVE database file to the downloads directory,
ensure that it has a different inode number to the previous version of
this file.
We have seen "sqlite3.DatabaseError: database disk image is malformed"
exceptions on our autobuilder when trying to read the CVE database in
do_cve_check tasks. The context here is that the downloads directory
(where the updated database file is copied to) is shared between workers
as an NFS mount. Different autobuilder workers were seeing different
checksums for the database file, which indicates that a mix of both new
and stale data was being read. Forcing each new version of the database
file to have a different inode number will prevent stale data from being
read from local caches.
This should fix [YOCTO #16086].
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f63622bbec1cfaca6d0b3e05e11466e4c10fa86e)
[YC: removed cve-update-db-native part, file was removed in
17eb0788514 (cve-update-db-native: remove, 2023-06-23)]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 945bd1d927c..303309bebdc 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -88,8 +88,13 @@ python do_fetch() {
shutil.copy2(db_file, db_tmp_file)
if update_db_file(db_tmp_file, d, database_time) == True:
- # Update downloaded correctly, can swap files
- shutil.move(db_tmp_file, db_file)
+ # Update downloaded correctly, we can swap files. To avoid potential
+ # NFS caching issues, ensure that the destination file has a new inode
+ # number. We do this in two steps as the downloads directory may be on
+ # a different filesystem to tmpdir we're working in.
+ new_file = "%s.new" % (db_file)
+ shutil.move(db_tmp_file, new_file)
+ os.rename(new_file, db_file)
else:
# Update failed, do not modify the database
bb.warn("CVE database update failed")
^ permalink raw reply related [flat|nested] 30+ messages in thread
* Re: [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag
2026-07-09 10:06 ` [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Yoann Congal
@ 2026-07-14 12:54 ` Paul Barker
0 siblings, 0 replies; 30+ messages in thread
From: Paul Barker @ 2026-07-14 12:54 UTC (permalink / raw)
To: Yoann Congal, openembedded-core
[-- Attachment #1: Type: text/plain, Size: 549 bytes --]
On Thu, 2026-07-09 at 12:06 +0200, Yoann Congal wrote:
> From: Harish Sadineni <Harish.Sadineni@windriver.com>
>
> CVE-2025-69648 was marked as a duplicate of CVE-2025-69646. The
> existing patch already fixes the issue associated with both CVEs.
>
> Update the "CVE:" tag to reference both identifiers.
>
> Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Hi Yoann,
Please drop this, I have replied to the original patch.
Best regards,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
^ permalink raw reply [flat|nested] 30+ messages in thread
end of thread, other threads:[~2026-07-14 12:54 UTC | newest]
Thread overview: 30+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-09 10:06 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Yoann Congal
2026-07-14 12:54 ` Paul Barker
2026-07-09 10:06 ` [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142) Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4 Yoann Congal
2026-07-09 10:06 ` [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues Yoann Congal
-- strict thread matches above, loose matches on Subject: below --
2026-06-05 22:33 [OE-core][scarthgap 00/25] Patch review Yoann Congal
2026-02-09 9:28 Yoann Congal
2025-01-04 13:41 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox